Skip to main content

Email security firm reports surge in Ukraine invasion phishing scams

man using an email client on a laptop
(Image credit: Getty)

Researchers at email security firm Tessian have been monitoring a dramatic upward trend in suspicious emails following Russia’s invasion of Ukraine.

The company noticed a flurry of email campaigns appearing after just one day of the initial invasion. Scammers were found to be taking advantage of the crisis, using impersonation techniques to get donations via bogus organisations.

In the time since, Tessian has found that the registration of new domains containing ‘Ukraine’ has increased dramatically, rising by 210% compared to 2021.

Tessian has observed, on average, 315 new domains being registered every day since February 2022. Over three quarters of those (55 percent) were discovered to be suspicious. 

Researchers have also identified new scams too. One involves threat actors impersonating legitimate organisations including the Red Cross, pressuring users into sending cryptocurrency payments using a fraudulent QR code.

Related: Best data recovery software.

Bitcoin cryptocurrency donations

Other scams involve supposed aid efforts in Ukraine, which go on to request Bitcoin cryptocurrency donations. The messages are designed using website elements such as text and logos from legitimate organisations like UNICEF, Actalliance and the Australian Council for International Affairs (AFCID) in order to make them appear more convincing.

Tessian Defender, the company’s phishing detection software, identified the biggest spike in email scams during the first week of March, with a sustained salvo of campaigns being recorded ever since.

Charles Brook, threat intelligence researcher at Tessian comments: “While there are certainly many legitimate organizations that do accept cryptocurrency donations, it’s important to be cautious of any email requesting donations - especially if it’s unsolicited. People need to be extremely cautious of any email purporting to aid or receive donations in an effort to support the humanitarian effort in Ukraine. 

“Before engaging with any Ukrainian themed email, or website which you have not used before, always cross-verify its authenticity, check the email header, and even reach out to officially verified sources on Twitter to confirm its authenticity before taking any further action.”

Tessian advises the best way to make a donation is to head directly to your preferred charity, or check with the Gov.UK website for official advice and guidance, and not to reply to any spurious emails.

How to find the best website hosting.

Rob Clymo has been a tech journalist for more years than he can actually remember, having started out in the wacky world of print magazines before discovering the power of the internet. Since he's been all-digital he has run the Innovation channel during a few years at Microsoft as well as turning out regular news, reviews, features and other content for the likes of TechRadar, TechRadar Pro, Tom's Guide, Fit&Well, Gizmodo, Shortlist, Automotive Interiors World, Automotive Testing Technology International, Future of Transportation and Electric & Hybrid Vehicle Technology International. In the rare moments he's not working he's usually out and about on one of numerous e-bikes in his collection.