Earlier this week, we spotted a Microsoft sign-in phish that appeared to be taking advantage of the Ukraine crisis in order to scam people. The email warned of unauthorized log in attempts to the recipient’s account, and the location of those attempts was listed as “Russia/Moscow”. We probably won’t ever know whether this campaign is definitely inspired by current events, but one thing is for sure, the latest spam campaign we’ve seen recently is.

In this latest spam mail, which allegedly originates from @president.gov.ua, which is clearly a spoofed domain.

The very timely spam asking recipients to help war refugees by donating using nontraditional ways of paying.
(Source: Stefan Dasic | Malwarebytes)

The header image looked like a stretched Ukraine flag, suggesting it was not professionally made. The text below it reads:

A donation campaign has been launched to support Ukraine and also help refugees fleeing the conflict area in Ukraine

The campaign, organized by the humanitarian organization Act of Peace, is hoping to raise $9,000,000 to support refugees in the region.

Stand with the people of Ukraine. Now accepting cryptocurrency donations. Bitcoin, Ethereum, USDT and NFT.

USDT is Tether, a kind of cryptocurrency. It’s interesting to note that they accept NFTs as “donation”.

There are no misspellings, which is seen as a classic red flag in scam mails. Act of Peace is also a legitimate humanitarian organization based in Australia, and it does have an exclusive donations page for the Ukraine crisis. What it probably doesn’t have is access to an email server it can use to send donation emails on behalf of the official website of the President of Ukraine.

Stay vigilant

If you really want to finance humanitarian aid to help Ukrainian refugees, here is a helpful Twitter thread of verified organizations put together by Ukrainians themselves that you can check out.

Remain vigilant. The last thing you want is to hand over your hard-earned money to help the hurting only for it to end up inside scammers’ pockets.

Stay safe!