For the past three months, most media news headlines have been talking about a painful subject that leaves no one indifferent: the war. Since the start of the Russian invasion of Ukraine, the international community has been helping the victims by donating to various charities and providing direct assistance to those in need. Along with that, however, there are a lot of criminals ready to take advantage of the global tragedy and use this crisis as the platform for their crimes.

For the last few months, Cyren Inbox Security has seen a rise in scams related to charity and donations. Cyren security experts explain that this type of fraud is very dangerous because its nature and content appeal to emotions. When so many people are in need for assistance and the entire world is willing to give a hand, it is truly challenging to distinguish between an actual request for help and a convincing scam.

The perfect formula: easy to implement, hard to detect

A scam is a type of attack that is easy to implement as it doesn’t require any special programming or engineering skills. To pull out this type of fraud, the scammer only needs to be persuasive and have good writing skills. Since requests for assistance and donations come from so many (often unknown) people and because the pattern of requests is random, the scammers can effortlessly avoid detection while security experts have the difficult job of preventing potential victims from being tricked.

Our investigation shows that scammers use easily generated addresses obtained from free webmail vendors. The scammers are highly effective at creating a relatable personal story that makes the recipient feel involved. The creativity here is virtually unlimited, with underlying stories ranging from being primitive and boring to those filled with disturbing details.

Latest Cyren Inbox Security catches 

Let’s analyze a few examples of the recent scam attempts detected by Cyren.

A fraudster who introduces herself as Bohdana Aleksander shares that her husband was killed during the war in Ukraine.

Sample email 1 header

She then explains that because of the war, she became a political refugee and proceeds to mention some family funds that she allegedly cannot use due to her status.

Sample email 1 body (part 1)

Finally, the scammer delivers the good news: she is willing to transfer her family funds to the recipient’s account so they can be invested in the country of the recipient. Naturally, she assures the recipient of complete confidentiality. Note an important detail:  the private email addresses provided in the body of the letter do not match the email address from which the original email was sent.

Sample email 2 body (part 2)

Here is another case, no more elaborate than the first. A certain Hee Joung tells a painful story of losing her entire family in the war in Ukraine.

Sample email 2 header

It turns out the sender has a substantial amount of money that needs to be transferred to another country. Hee Joung needs to leave Ukraine immediately and is asking the potential victim to assist her in making the transfer, offering a subsequent reward. You can figure out the rest.

Sample email 2 body

Detected and Protected by Cyren Inbox Security

Cyren Inbox Security was able to scan and automatically detect these suspicious emails. With the 24×7 Incident Response service, all the attacks were immediately investigated by our qualified analysts and confirmed as scam for all Cyren Inbox Security customers.