Scammers Target Ukraine Donors

News / By / donor scam, donors, fraud, scam, scammers, ukraine, ukraine donors
Scammers Target Ukraine Donors

At the height of the Russian invasion, scammers target Ukraine donors using various email phishing tactics. This blog was originally written as an article published in the Star Tribune Business Section, on March 13th, 2022. See below.

Star Tribune: “How to Guard Against Scammers Preying on Donors to Ukraine”

The Russian invasion of Ukraine is a tragedy.

Scammers see these types of tragedies as an opportunity to turn your compassion, generosity, sympathy and vulnerability into a money-making venture.

Events that have transpired over the last two years have pulled our nation and world together in numerous ways. The generous nature of many Americans has been exemplified more than ever and our compassion for the people affected by the Russian invasion of Ukraine is no different.

It is inevitable, if it hasn’t already happened, that you will be receiving e-mails from fraudsters, hackers and scammers from different parts of the world.

Hopefully, the “spam” and “junk” functions of your e-mail provider will help sift through the nonsense and keep your inbox clean. However, no e-mail provider has a complete foolproof process.

Unfortunately, there is no real solution if you have fallen victim to an e-mail scam or phishing scheme. But here are some ways to guard against them:

  • Do not confuse the “sender” with the e-mail address. For example, the sender may be disguised as “Ukraine Relief,” but when you inspect the e-mail address, it may read something to the extent of “6ga62j9kk0@gmail.uk”.

Make sure that the sender is using an e-mail from a proper domain, such as “@ukrainerelief.com.” If a proper domain is used, your first step is out of the way. Even companies like Google won’t use “@gmail.com” rather than “@google.com.” No legitimate organization will send e-mails from a domain such as gmail.com, yahoo.com, aol.com, microsoft.com, etc.

  • If you have determined the e-mail is coming from a proper domain, ensure the domain name is spelled correctly. It is very common for scammers to slightly misspell the name of legitimate organizations to create the appearance they are legitimate.

For example, a scammer trying to present themselves as McDonald’s may spell the domain “McDonolds.com.” More specifically, the most common swapped letters for scammers are vowels, as displayed in the McDonald’s example.

  • Having a formal business registered with a secretary of state’s office does not necessarily give an organization validity. Anyone can set up a business in 30 minutes on a state website after a quick read, paying a simple filing fee and filling out some information.

Further, any organization collecting funds to support Ukraine would be established long before the invasion was initiated, as receiving tax-exemption status is a lengthy process that takes months and in some situations years to finalize. Most institutions that are legitimately collecting funds to support Ukraine have initiated new campaigns outside of their normal fundraising and business processes. Therefore, the organization will be easy to locate on open-source internet searches.

  • The contents of the e-mail should tell you everything. Any formal and legitimate organization sending out mass e-mails will use proper grammar, correct spelling and normal sentence structure.

If you read an e-mail that seems off, it probably is. Having good sentence structure and grammar does not legitimize a business, but a poorly written e-mail should put you on guard.

If the tone of the e-mail is creating a sense of urgency, maybe even making you feel uncomfortable, you need to be extremely cautious. Most nonprofit and relief organizations will tell their story, provide their tax-exemption information, give you a domain to research and let you make the decision for yourself. Stay away from e-mails that make demands such as “ACT NOW” or “DON’T WAIT” or “YOU’RE LOSING TIME!”

If links or attachments are provided in the e-mail, inspect each element to ensure the link is redirecting you to the actual website it displays. For example, if “ukrainerelief.com” is hyperlinked to anything other than “ukrainerelief.com,” do not click on it.

In most scenarios, you can right-click on the link and copy and paste the address onto a Word document or something comparable. This should shed some light on the legitimacy of the hyperlink.

If you are interested in donating to the Ukraine relief efforts, do your research, be overly cautious and find organizations that are well-established. There are numerous organizations doing great things for Ukraine and your compassion and generosity should be used to fund legitimate efforts. We hope these tips helped you learn more about how scammers target Ukraine donors.

Cory Svihla is a director and co-founder of Intellex Forensics, Minneapolis. For another article written by Svihla, check out Global Fraud is on the Rise.