Watch out for fake charities asking for donation to support Ukraine

Ukraine donation scams | White Blue Ocean Blog

Amid Russia’s invasion of Ukraine, there have been several warnings on spikes in fraudulent activity carried out by criminals seeking to capitalise on the Ukrainian humanitarian crisis. Numerous reports from across the world show that fraudster are currently tricking people into making donations to fake charities, in order to then pocket the money that was meant to help Ukrainian refugees. It is thought that the amount of money siphoned by fraudsters since the beginning of Russia’s invasion could be of millions of dollars. 

Typosquatting: popular method used by fraudsters

There are numerous tactics that fraudsters can use to scam unsuspecting people trying to donate to charities for a good cause. One of the most common tactics witnessed during this latest scamming campaign is a technique known as typosquatting. Cybercriminals that use this method typically register domain names that are a slight variation or misspelling of a popular site. The link to the fraudulent website it then typically circulated via email as part of a phishing campaign. In this case, cybercriminals were seen distributing emails asking to donate to the Ukrainian cause by clicking on a link. The link would then take to the fraudulent website, where customers would insert their credit or debit card details, and unknowingly send the money straight into the cybercriminals’ pockets. The typosquatting method also targets people who type a website address incorrectly in the web browser URL field, which will result in them navigating to the dummy website that typically tries to mimic the real one in its design and logo.

Fraudulent websites that are created following the typosquatting method can have domain names that present common typos and misspellings (such as “” instead of “”), missing letters, numbers substituting letters, additional hyphens, wrong domain extensions (.com instead of .org), alternative spellings, and additional words.

This type of fraudulent activity has hit cryptocurrency donations meant for Ukraine as well. In fact, scammers have been tricking individuals through phishing webpages, forum posts and links sent via email. While Ukraine managed to raise over $37 million in cryptocurrency donations, many donations did not reach their intended target, as cybercriminals were siphoning cryptocurrency by setting up Bitcoin and Ethereum addresses not affiliated with the Ukrainian government or with any charities. Cybercriminals were also sending phishing emails impersonating The United Nations Office for the Coordination of Humanitarian Affairs.


How to spot fake charities and make safe donations

Individuals wishing to donate to a charity should always do some research on the entity, both online and on social media, by typing the name of the charity and words like “scam” or “complaints” to check whether any results show up.

It is always recommended to donate to established and experienced charities to make sure the money is used for the right cause, and it is important to keep an eye out for copycat organisations that use the same name. 

To avoid navigating to a dummy website, users should avoid clicking on links they receive via email. Often cybercriminals, purporting to be charities, try to trick users into clicking on a link by claiming they have already donated to the same charity in the past. For users who wish to donate to a charity it is advised not to click on any link, and to instead go directly to the charity’s website by carefully typing in the address bar to avoid spelling mistakes. It is good practice to always double check for slight spelling differences or missing letters.

Fake charity pages will also typically present spelling mistakes and imperfect grammar in the body content, so paying attention to this detail could prevent users from falling for scams.

To check the trustworthiness of a charity, users can check on the UK government website the charity’s name and registration number. In the US, users can verify the legitimacy of charities by cross-checking on watchdog groups like CharityWatch and CharityNavigator to see the rating given to a specific charity. An extra step would be to check the charity’s name on the IRS’ Tax Exempt Organisation Search, as if a charity is legitimate it should be registered, as donations are tax-deductible.

When making donations to a charity it is advised to never use cash, gift cards or money wires, and to even avoid using debit cards. Donating with credit cards is the safest options, as there is a clear payment trail should a user want to dispute charges. If a charity does not accept credit card payments, it is most likely a scam.


Fraudsters and cybercriminals are known to capitalise on major events and on the feelings of confusion, fear and empathy that these elicit. The scam related to the Ukrainian donations is the latest example, as fraudsters adjust and update their scams to keep up with new events and high-profile stories. In fact, at the beginning of the Covid-19 pandemic scammers took advantage of the fear and uncertainty caused by the unprecedented situation, to set up fake charities and siphon donations and/or steal personal data.

The information contained in this article is provided by White Blue Ocean, part of CRIF Group, a global company specializing in credit & business information systems, analytics, outsourcing and processing services, as well as advanced digital solutions for business development and open banking.

Reference List:

The information contained in this article is provided for informational purposes only and does not constitute professional advice and is not guaranteed to be accurate, complete, reliable, current or error-free.

Related news

RDoS: adding the Ransom element to DoS | Read White Blue Ocean Blog
RDoS: adding the Ransom element to DoS

In a continuous effort to find new techniques to extort money from targets, cybercriminals have conceived a new and more aggressive version of the popularised Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. This type of attack, named Ransom Denial of Service (RDoS), first appeared in 2016, but made a comeback in 2020 and 2021, taking advantage of the ever-increasing number of interconnected devices, and of the remote working arrangements caused by Covid-19.

Read more
The dangers of VPN credential leaks | White Blue Ocean
The dangers of VPN credential leaks

The increased reliance on VPNs made the latter an attractive target to cybercriminals. In particular, threat actors began exploiting one of the known weakest links in the chain: users’ passwords.

Read more
SIAE Data Breach

News of the latest cyberattack comes from Italy, where on the afternoon of the 20th October it was disclosed that SIAE, the Italian Society of Authors and Publishers, was targeted by a ransomware attack. SIAE, which was founded in 1882, is the Italian copyright collecting agency for artists in different areas of the entertainment industry, including television, music, theatre, visual arts and literature, and aims to guarantee that artists receive the right remuneration for their work.

Read more
Why phishing emails contain errors?

You have probably noticed that all the phishing mails are poorly written and some details may let us think they are somewhat unprofessional. Find out why.

Read more


Let's talk

Please fill in the form below (fields with * are mandatory) and we will respond to your request as soon as possible!