Phishing Emails
Expect phishing emails to be on the rise. Cyber criminals use phishing emails to convince you to disclose sensitive information or open malicious links and attachments. If you fall for the phish, your systems, data, passwords, credit cards, and bank accounts could be at risk.
Phishing e-mails can be difficult to spot. Expect to receive well-composed phishing attempts that are impersonating trusted entities such as government agencies and charities.
Here are some indicators to look out for.
- E-mails inspiring a sense of urgency to click a link or provide information. In this case, you may see e-mail subjects such as “StandWithUkraine.”
- E-mails with spelling or grammatical errors.
- E-mails that ask you to follow a strange process, such as purchasing and sending gift cards as donations.
Malicious Websites
Threat Intelligence groups have observed a large increase in the number of new Ukraine-related domains and web sites in the last month. Some of these domains were registered for the legitimate purpose to support humanitarian efforts. Others were registered by cyber criminals to establish fake websites that imitate genuine support efforts. These fake web sites are often advertised via social media and linked to via phishing e-mails. Malicious web sites may steal your information or infect your devices with malware.
Cryptocurrency Scams
Cryptocurrency has become a popular investment, but also comes with some security risks. Paying with cryptocurrency comes with limited legal protections, the industry is relatively unregulated, and scams are common.
Here are some cryptocurrency scams that have been observed related to the Ukraine Emergency.
- Cyber criminals posing as the Ukraine government soliciting donations to newly established crypto coins. The “Peaceful World” and “SAVE UKRAINE” tokens are examples of coins that were established by criminals.
- Cyber criminals posing as Ukrainian citizens in need of donations, specifying a specific crypto address to send funds.
Cyber criminals posing as legitimate charities such as UNICEF and the Ukraine Red Cross Society, soliciting bitcoin deposits.
E-mail Security
- Be wary of unexpected e-mails, especially when they contain links and/or attachments.
- Think twice before clicking a link. Always hover before clicking to see the address of the web site you are attempting to visit.
- Never click a “Click Here,” “Unsubscribe,” or any other links in suspect emails.
- Never send sensitive information via email. If you receive an email from an unknown source or one that seems suspicious, do not reply.
Web Site Security
- Never assume that links shared on social media or via e-mail are safe.
- When performing searches, inspect search engine results carefully before clicking to visit web sites.
- Beware of ads, windows, or pages that prompt you to click to run or install software. Read all messages and warning prompts carefully before clicking, and do not download files or install software from untrusted web sites.
- Never input a username, password, or any other sensitive information on unknown sites.
Cryptocurrency Security
- Research cryptocurrency exchanges before you buy from them. Confirm what security features they offer and whether they have been compromised by hackers in the past.
- Research the cryptocurrency you are interested in before you buy. Read the whitepaper and verify the track record and reputation from a trusted source.
- Store your cryptocurrency safely. Crypto secure wallets provide some protection from theft. Consider using an offline “cold” wallet to reduce the risk that your funds can be stolen via a cyberattack.
- Never send cryptocurrency to unknown organizations or individuals. Verify the legitimacy of the recipient before performing your transaction.
The Marin Community Foundation has compiled a list of reputable organizations that accept donations. Please visit the Supporting Ukrainians page on the Marin Community Foundation web site for more information.
|