Fake USA for UNHCR site wants your Ukraine donations in Bitcoin

Scammers are disguising their phishing page as a donation hub for Ukrainian refugees. The post Fake USA for UNHCR site wants your Ukraine donations in Bitcoin appeared first on Malwarebytes Labs.

Malwarebytes

Since Russia began invading Ukraine in late February, many organizations have set up donation pages to aid the most heavily affected: families who were forced out of their homes due to bombings and children separated from grown-ups who decided to stay and take up arms.

We’ve also seen a considerable number of scams preying on those who want to bring help to the helpless. During these times of struggle, donation and phishing scams abound, too.

There’s a spam campaign encouraging you to donate to or support Ukraine

Our email honeypot snagged dozens of samples belonging to a campaign of spoofed emails that recipients were meant to believe came from the United Nations or United Humanitarian.

Our Threat Intelligence Team took a closer look and found that the actual senders are work email addresses of individuals linked to legitimate services in Bangladesh. The email accounts appeared to be compromised.

Hello

We stand with our friends and colleagues in Ukraine during this heinous assault on their freedom, their independence and their lives. We are actively supporting our resilient team and are doing what we can to insure their safety, click on the Link to see more updates or photos and videos of the invasions from Russian. Donate and Support Ukrainian now to save lives.

Visit: {redacted URL}
       {redacted URL}

Thanks for your support.
Regards
UNITED HUMANITARIAN

Clicking the links in the email body, or copying and pasting them into your browser, opens a legitimate-looking website.

We looked up the domain's registration record and found it was created on April 19, 2022, two days before we started receiving the spam emails.

Be extra vigilant with “mirrored” sites

The scam page looks slick, professional, and not what you may expect from a bogus donation portal. There’s a good reason for this. The entire site has been copied from unrefugees.org using HTTrack, a free website copier.

This is inside the code of the fake refugee website helping Ukraine families flee. Website copiers can make a fake site a spitting image of its original counterpart.

Unrefugees.org is the USA for UNHCR (United Nations High Commissioner for Refugees). It is a Washington-based, not-for-profit organization whose mission is to provide food, shelter, and medical care to those fleeing their homes due to conflict, persecution, or violence.

While the fake site mirrors the legitimate site perfectly, it has one major exception: They switched out the genuine donation page for one of their own. The real site allows you to donate monthly via credit card, Google Pay, or PayPal. Donations made to the fake site, however, are made through Bitcoin.

This is the form donors would have to fill in.

We checked multiple sources for information on the Bitcoin address provided. It doesn’t appear in scam databases or fraud reports and has neither sent nor received funds. This, combined with the site now failing to resolve, hopefully means the scammers got nowhere with their phishing attempt.
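As an added example (not code from the original article), here is one way to triage a fetched page for the two traits described above: an HTTrack stamp naming a site other than the one serving the page, and a Bitcoin-shaped address in the markup. The comment format is assumed from HTTrack 3.x output; the phishing host, date and address in the sample are constructed placeholders.

```python
import re

# HTTrack stamps saved pages with a comment shaped like (format assumed from HTTrack 3.x):
# <!-- Mirrored from host/path by HTTrack Website Copier/3.x [...], date -->
HTTRACK_RE = re.compile(
    r"<!--\s*Mirrored from\s+(?P<origin>\S+)\s+by HTTrack Website Copier[^>]*-->",
    re.IGNORECASE)
# Shape-only match for legacy (1.../3...) and bech32 (bc1...) addresses; no checksum check.
BTC_RE = re.compile(
    r"\b(?:bc1[02-9ac-hj-np-z]{11,71}|[13][1-9A-HJ-NP-Za-km-z]{25,34})\b")

def _host(value):
    """Reduce a URL or 'host/path' string to a bare lowercase host without 'www.'."""
    value = re.sub(r"^[a-z]+://", "", value.strip().lower())
    host = value.split("/")[0].split(":")[0]
    return host[4:] if host.startswith("www.") else host

def assess_page(served_url, html):
    """Flag a page whose HTTrack stamp names a different site than the one serving it."""
    served = _host(served_url)
    origins = {_host(m.group("origin")) for m in HTTRACK_RE.finditer(html)}
    # A stamp naming the serving host (or its parent domain) is just a self-archive.
    foreign = sorted(o for o in origins
                     if o != served and not served.endswith("." + o))
    return {
        "mirrored_from": foreign,
        "btc_addresses": sorted(set(BTC_RE.findall(html))),
        "suspicious": bool(foreign),
    }

# Constructed sample: placeholder phishing host, made-up date and Bitcoin-shaped string.
FAKE_URL = "https://donations.example.invalid/donate.html"
FAKE_HTML = """<html>
<!-- Mirrored from www.unrefugees.org/ by HTTrack Website Copier/3.x [XR&CO'2014], Mon, 01 Jan 2001 00:00:00 GMT -->
<body><form><p>Send your Bitcoin donation to
<code>1FakeAddrForDemoPurposesXXXXXXXXXX</code></p></form></body></html>"""

if __name__ == "__main__":
    print(assess_page(FAKE_URL, FAKE_HTML))
```

The stamp is trivially removed by whoever copies the site, so its absence says nothing; its presence with a mismatched origin is a cheap, high-confidence signal.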

How to tell if a donation site is what it says it is

It’s very difficult to know at a glance which sites are real. This is especially true where donations are concerned. However, there are tools available to check.

You can check for registered charities online in most cases, and the genuine site is listed here against the BBB (Better Business Bureau) record. You can find similar types of checks in other countries.

There are very good reasons for making speedy donations. Even so, taking the time to ensure the site you’re donating to is the real deal is the best course of action for both you and the people you’ll be helping.

Stay safe out there!
