Ukraine-crisis scams: 3 things consumers should watch out for

Cyber criminals always try to exploit current events. With tragedy unfolding in Ukraine and capturing the world’s attention, scammers are finding ways to make money from the crisis.

Norton Labs found several types of scams exploiting the Ukraine conflict, and here is what consumers should keep an eye out for.

1.     Donation and Charity Scams

What we have seen: When disaster strikes — whether hurricane, fire, or war — people want to donate money to help others experiencing times of hardship. But scammers leverage generosity to trick people into giving money to fake charities and organizations. Norton Labs found several donations scams attempting to capitalize on the recent events in Ukraine.

Scammers jump at the chance to register domains related to the current crisis. We saw a dramatic increase in domains registered with a Ukrainian fundraising-related theme within the first few days of the conflict. New domains registered incorporated the keywords "donate," "Crypto," and charitable keywords in conjunctions with the word "Ukraine." You can see below that the amounts of domains registered peaked March 1, when we saw more than 750 new domains registered with these related keywords.

Scammers also diversify their strategies to lure victims and the currency they accept. Cyber criminals will use the name and likeness of brands, media outlets, public figures, and more to try to build credibility. They will also try to make it easier to take your money, by accepting various types of currency. Most recently we spotted fake charity pages accepting Bitcoin, Ethereum, Tether, and Dogecoin, among more traditional currency.

Advice: Use caution before donating money to any website. It is smart to make sure that you are donating to a trusted organization through a trusted channel, and not a random website you found via an email, social media, or a text message.

2.     Romance Scams

What we have seen: Romance scams involve someone being tricked into believing they are in a relationship with someone they met online, but that person is a scammer with the intention of building trust with the victim to gain access to money. The FTC reported that victims lost $304 million to romance scammers in 2020.

Romance scammers look for intriguing backstories, including current events, to build credible backstories, and we found the scammers aren’t staying away from the Ukraine crisis. As part of our ongoing research into romance scams, we stumbled on “Barry,” who was exploiting the situation in Ukraine to try and woo “Ann,” a persona Norton Labs researchers created to lure scammers.

Check out this snippet of communication with “Barry,” a romance scammer.

You’ll see “Barry” mentioning that he would “check on the base to know how many boys [had] been sent to Ukraine,” and he said he needed to talk to the vice president for more marines. This is a very unlikely story, given the current political climate and his ambiguous title of marine officer with direct communication to the vice president. 

We continued communication for a few hours, where the scammer revealed a few more telltale romance scam signs. Examples included asking if Ann had a car or a house, getting impatient with our breaks in communication, wasting no time expressing infatuation with Ann.

Advice: It is always a good idea to be careful when meeting people online, especially if they have a convenient story that makes it impossible to meet in person. If they seem to fall in love quickly and start to ask for financial help directly or to move money for them, these are big red flags.

3.     Misinformation, Disinformation, and Malinformation (MDM)

What we have seen: The events in Ukraine have  also sparked social media campaigns designed to inspire, deceive, and generally affect public sentiment. Inaccurate misleading information shared on social media does not fit neatly into a single category. The United States Cybersecurity and Infrastructure Security Agency’s MDM team is developing strategies to mitigate MDM and provides these definitions:

• Misinformation is false, but not created or shared with the intention of causing harm.
• Disinformation is deliberately created to mislead, harm, or manipulate a person, social group, organization, or country.
• Malinformation is based on fact, but used out of context to mislead, harm, or manipulate.

While many social media companies have been taking steps to limit misinformation on their platforms, the volume and diversity of Ukraine-related posts challenges these systems. Here are a few examples our researchers found of Ukraine-related MDM:

• A recent video was captioned to suggest Russian military jets flying in formation over Kiev in 2022. The footage was recorded in 2020 and shows the jets flying over Russia.
• This tweet includes a video claiming to show the Ghost of Kyiv, a potentially mythic Ukrainian pilot rumored to have shot down five Russian jets. The video has since been debunked in multiple news outlets.
• Posted originally on TikTok in 2021, this video was reposted and described as showing a Ukrainian woman giving instructions on driving captured Russian heavy vehicles. As with other examples, these claims were quickly evaluated and found to be false by multiple fact-checkers.
• A deepfake video posted to YouTube and Facebook appeared to show Ukrainian President Volodymyr Zelensky surrendering to Russian forces and instructing Ukrainian soldiers to lay down their arms and surrender. The use of a deepfake video presented a new front in cyberwarfare, which Ukraine appears to have prepared for.

Advice: Resist the temptation to impulsively agree with what you read, hear, and see on social media, even it supports your point of view. Be careful who you trust, and what you decide to propagate on social media. Make sure that images and videos come from reputable sources that perform fact-checking and have people on the ground to validate information. Also consider how the tools of social media fact checking can be mimicked to trick people into believing MDM content has been independently fact-checked. Finally, rely on tools designed to identify MDM, especially deepfakes, and assist with media literacy.

In conclusion: While the situation in Ukraine is evolving, so are the cyberthreats facing consumers. Continue to stay alert for attempts to exploit the conflict and be skeptical of news you receive on social media.

Editorial note: Our articles provide educational information for you. NortonLifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about. Our goal is to increase awareness about cyber safety. Please review complete Terms during enrollment or setup. Remember that no one can prevent all identity theft or cybercrime, and that LifeLock does not monitor all transactions at all businesses.

Copyright © 2022 NortonLifeLock Inc. All rights reserved. NortonLifeLock, the NortonLifeLock Logo, the Checkmark Logo, Norton, LifeLock, and the LockMan Logo are trademarks or registered trademarks of NortonLifeLock Inc. or its affiliates in the United States and other countries. Other names may be trademarks of their respective owners.