Most frequently, cyber threat actors aim to capitalize on high-conflict environments by deploying tailored scams and social engineering schemes.

Several malware and phishing campaigns have recently been observed that aim to acquire funds, obtain personal or financial information, and spread malicious software. In one instance, a malicious campaign sent from a .SHOP top-level domain requested support for the people of Ukraine via cryptocurrency donations; it appears similar to the reported authentic requests for cryptocurrency donations from Ukrainian officials on their respective social media pages. The email, however, contains grammatical errors and does not include other indicators of legitimacy.

Further, cyber threat actors are targeting unsuspecting, concerned users via phone calls, emails, text messages, social media posts, online forums, and online advertisements. These communications may include fraudulent links or attachments that supposedly contain information on how and where to donate or provide assistance. Some websites may claim to be legitimate organizations and make desperate pleas for help but do not state how the aid will be used.

Furthermore, Russian-based credential harvesting attacks have increased dramatically since February 27, 2022, with targets that include US and European manufacturing, international shipping, and transportation sectors. These emails impersonate CEOs or internal employees sending urgent documents, or spoof Microsoft emails to convince unsuspecting victims to click on links to keep their account active.
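
For mail teams that want to queue such messages for human review, the sketch below is an added example, not part of the original advisory. It flags the indicators described above: a .SHOP sender, a Ukraine-themed cryptocurrency donation request, a Microsoft display name on a non-Microsoft domain, and a "keep your account active" link. The sample messages, domains, keyword lists and the Microsoft domain allowlist are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

WATCHED_TLDS = {"shop"}                         # TLD named in the advisory's example
BRAND_DOMAINS = {"microsoft": "microsoft.com"}  # assumed allowlist, extend as needed
CRYPTO = re.compile(r"\b(crypto(currency)?|bitcoin|btc|ethereum|eth|wallet)\b", re.I)
DONATE = re.compile(r"\b(donat\w*|support|aid)\b", re.I)
KEEP_ACTIVE = re.compile(r"keep\s+(your|the)\s+account\s+active", re.I)
LINK = re.compile(r"https?://", re.I)

# Constructed sample messages (not real campaign mail); all domains are placeholders.
SAMPLES = {
    "donation_lure": "From: Help Ukraine <aid@relief-example.shop>\n"
                     "Subject: Support people of Ukraine\n\n"
                     "Please to donate cryptocurrency. Wallet: <PLACEHOLDER>\n",
    "microsoft_spoof": "From: Microsoft Account Team <no-reply@login-example.test>\n"
                       "Subject: Action required\n\n"
                       "Click https://login-example.test/verify to keep your account active.\n",
    "benign": "From: Alice Example <alice@example.org>\n"
              "Subject: Lunch\n\nSee you at noon.\n",
}

def triage(raw):
    """Return the names of advisory indicators present in one raw message."""
    msg = message_from_string(raw)
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = "".join(p.get_payload() for p in msg.walk()
                   if not p.is_multipart() and isinstance(p.get_payload(), str))
    text = msg.get("Subject", "") + "\n" + body
    hits = []
    if domain.rpartition(".")[2] in WATCHED_TLDS:
        hits.append("watched_tld")
    if re.search("ukrain", text, re.I) and CRYPTO.search(text) and DONATE.search(text):
        hits.append("crypto_donation_ask")
    for brand, legit in BRAND_DOMAINS.items():
        # Display name claims the brand but the sending domain is not the brand's.
        if brand in display.lower() and not (domain == legit or domain.endswith("." + legit)):
            hits.append("brand_spoof")
    if KEEP_ACTIVE.search(text) and LINK.search(text):
        hits.append("account_urgency_link")
    return hits

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

The hits are prompts for review, not verdicts: a legitimate charity can use a .SHOP domain, and a lure can avoid every keyword listed here.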

Recommended Actions

Users and companies must educate themselves and others on these continuing threats and tactics to reduce victimization. All are advised to research and donate only to reputable, known, and verified websites/charities, and to verify that the charity has already established a solid presence in Ukraine.

At the same time, refrain from responding to unsolicited communications, clicking links, and opening attachments from unknown senders, and exercise greater caution with communications from known senders. If you are unsure of the legitimacy, contact the sender via a separate means of communication, such as by telephone, before taking any action. Navigate directly to legitimate websites and verify websites prior to providing sensitive information or funds.

A continual best practice is to keep systems up to date and implement security controls that help prevent account compromise, including establishing strong passwords, enabling multi-factor authentication (MFA), and choosing authentication apps, such as Microsoft Authenticator, over SMS text-based codes.