Crypto scammers are filling inboxes with fake ‘donate to Ukraine’ emails

Scammers are continuing to weaponize Russia’s ongoing war in Ukraine in order to propel their immoral money-making schemes. There have been a slew of scams ranging from fake charity websites hosted on freshly registered domain names to phishing campaigns looking to steal sensitive information from potential donors to Ukraine.

Now, new research from email security firm Cyren looks into just how cryptocurrency fraudsters are utilizing email spam for their latest Ukraine-related fraud.

According to the report, researchers at Cyren have uncovered more than 100,000 emails per day attempting to trick targets into donating to Bitcoin or Ethereum wallets setup by the scammers.

Domain names come into play once again with these email scams, as Cyren discovered a “large number” of these emails were spoofing email addresses using domains that were related to Ukraine in order to look “authentic.” However, a “significant number” of especially brazen scammers just used plain old Gmail addresses when trying to defraud their targets. 

In addition, some scam emails directed targets to recently created websites disguised as official charities benefitting the Ukrainian people. With a newly registered URL, often containing the word “Ukraine,” and their scam page setup, fraudsters will then try to direct potential victims via email to the fake charity website. Once on the site, scammers provide the target with a number of cryptocurrency wallets purporting to belong to organizations fundraising for Ukraine. These digital wallets belong to the fraudsters and none of the funds will be distributed to charities.

Many of these emails used common internet marketing strategies, such as a call-to-action and appeal to a potential victim’s emotions right in the email subject line. “Help Ukraine war victims” and “Help Ukraine stop the war! – humanitarian fund raising” are two examples.

When the official Ukraine government Twitter account decided to post its now infamous tweet with its Bitcoin and Ethereum addresses, it unintentionally provided crypto scammers with a blueprint for their schemes. Many of these scammers use that very @Ukraine tweet as a template – of course, with the Ukraine’s legit Bitcoin and Ethereum wallet addresses swapped out for theirs – within their scam emails and on their websites.

Researchers at Cyren found that more than 50 percent of the emails were routed through the U.S. Other popular apparent email origins include Indonesia, Brazil, India, South Africa, and Colombia. Cyren notes that this doesn’t necessarily mean that the emails originated in these countries, but that the server where the email came from is located in that particular place.

Those looking to donate to help the people affected by the ongoing crisis caused by Russia’s war in Ukraine should look for legitimate organizations and official donation links. They definitely should not donate to any cryptocurrency wallet or website address sent to them via unsolicited emails.