Tue, Mar 15, 2022

Is Your Donation Helping the People of Ukraine – Or Enriching a Cyber-Criminal?

The invasion of Ukraine has caused enormous human tragedy with millions displaced and many more in desperate need of basic supplies and transport. Donation websites quickly appeared to make supporting Ukraine easy—so quick, in fact, that it was reminiscent of the 2019 Notre Dame de Paris fire and the immediate groundswell of enthusiasm that followed for rebuilding the iconic church. Despite the incredulity of mobilization, the speed at which these websites appeared begged the questions: what sites were real, and which were scams trying to take advantage of people’s good faith? 

Within a few hours of the fire, there were false websites which purported to be collecting funds for the restoration of the cathedral. They looked real, had photos of the fire (taken from news sites) and had links to accept donations. But they were either from organizations no one had heard of or from seemingly legitimate organizations but with odd web addresses. What’s worse, because of the global shut-down of the “Whois” function of the global domain naming system (in response to an interpretation of the EU’s General Data Protection Regulation, or GDPR) it was impossible find out what entity had actually registered the URL. Bad actors can use similar tactics to take advantage of those trying to help the people of Ukraine.

How to Ensure Donation Pages Are Legitimate

Trusted sources, like newspapers and television stations, will typically identify legitimate organizations or websites that are accepting donations and dispersing those funds appropriately. Additionally, other well-known charitable organizations, like the Red Cross, are already helping and have information on how donations can be made. 

If you do choose to donate, keep in mind the below red flags to watch out for. If you see any of these when looking at a contribution site, think twice (or more) about trusting it.

  • Odd web addresses: Web addresses that don’t clearly reflect the name of the charity they purport to represent are suspicious. 
  • Odd ways of contributing: Any sites that indicate the best way to help is to buy a gift card or a pre-paid credit card and to transmit the numbers from those cards to the charity. Charities don’t operate in this way.

Even if the site purports to take credit card payments, their objective may be to gain access to your credit card information. Only trust organizations you know, or which have been vetted by organizations you trust. Furthermore, avoid using a debit card, as it could be used to wipe out your entire bank account. Credit cards often have fraud guarantees from the issuing bank to protect you. 

If you are considering donating to the Ukrainian people, take a moment to ensure that your contribution is going to a reputable source and will ultimately end up where you intended it to, and not in the hands of a cybercriminal.

Cyber Risk

Incident response, digital forensics, breach notification, managed detection services, penetration testing, cyber assessments and advisory.