{"id":18800,"date":"2022-04-19T09:10:05","date_gmt":"2022-04-19T17:10:05","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2022\/04\/19\/news-12533\/"},"modified":"2022-04-19T09:10:05","modified_gmt":"2022-04-19T17:10:05","slug":"news-12533","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2022\/04\/19\/news-12533\/","title":{"rendered":"Watch out for Ukraine donation scammers in Twitter replies"},"content":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Tue, 19 Apr 2022 16:40:43 +0000<\/strong><\/p>\n<p>The invasion of Ukraine has been a money making opportunity for scammers since the moment it began: Fake donation sites, bogus Red Cross portals, phishing pages, the works.<\/p>\n<p>These scams can also be found on social media.<\/p>\n<h2>Faking donations on Twitter<\/h2>\n<p>Some users of social media have become very well-known for their tweets inside affected regions. Others who were already well-known have become even more so. The ones asking for medical assistance, donations, or replacements have had some success raising whatever has been required.<\/p>\n<p>Unfortunately, we\u2019re seeing scammers try to capitalise on these activities. 
One such request on social media came via a well known Twitter user, @Xenta777, asking for military equipment-related donations:<\/p>\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\">\n<div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Friends, I&#39;m afraid that I really burden you with different requests, but I need your help<br \/>My good friend (ex-boss) asks to help with raising money for their special unit<br \/>Here is the invoice with special devices they need right now<br \/>If you can donate even 1$, please DM me<br \/><img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/72x72\/2764.png\" alt=\"\u2764\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/><img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/72x72\/1f1fa-1f1e6.png\" alt=\"\ud83c\uddfa\ud83c\udde6\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/><img decoding=\"async\" src=\"https:\/\/s.w.org\/images\/core\/emoji\/13.1.0\/72x72\/2764.png\" alt=\"\u2764\" class=\"wp-smiley\" style=\"height: 1em; max-height: 1em;\" \/> <a href=\"https:\/\/t.co\/0a6mcfSASb\">pic.twitter.com\/0a6mcfSASb<\/a><\/p>\n<p>&mdash; Xenta (@Xenta777) <a href=\"https:\/\/twitter.com\/Xenta777\/status\/1513936715290923020?ref_src=twsrc%5Etfw\">April 12, 2022<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/div>\n<\/figure>\n<p>In the past we have seen Twitter scams where a fake account answers a question in the replies to a tweet by a well known organisation and <a href=\"https:\/\/blog.malwarebytes.com\/cybercrime\/2016\/08\/scammers-sneak-into-customer-support-conversations-on-twitter\/\">pretends to be customer support<\/a>, hijacking the conversation and directing victims to a phishing page.<\/p>\n<p>A similar tactic is being used 
here.<\/p>\n<h2>Quoting your way to donation fraud<\/h2>\n<p>Somebody set up an imitation account (note the additional \u201c7\u201d in the username), and then posted this in response to someone asking where to donate:<\/p>\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"55763\" data-permalink=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/watch-out-for-ukraine-donation-scammers-in-twitter-replies\/attachment\/donationphish2\/\" data-orig-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/donationphish2.jpg\" data-orig-size=\"1033,354\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"donationphish2\" data-image-description=\"\" data-image-caption=\"\" data-medium-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/donationphish2-300x103.jpg\" data-large-file=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/donationphish2-600x206.jpg\" width=\"600\" height=\"206\" src=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/donationphish2-600x206.jpg\" alt=\"\" class=\"wp-image-55763\" srcset=\"https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/donationphish2-600x206.jpg 600w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/donationphish2-300x103.jpg 300w, https:\/\/blog.malwarebytes.com\/wp-content\/uploads\/2022\/04\/donationphish2.jpg 1033w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><figcaption>The fake Xenta asks users to donate to their paypal 
address<\/figcaption><\/figure>\n<\/div>\n<p>Like many successful scams, it&#8217;s very simple, which can easily yield results.<\/p>\n<p>We reported the account, and it was eventually suspended after having apparently cycled through several different usernames. Interestingly, it had been <a href=\"https:\/\/twitter.com\/xam459\/status\/1511704506664464395\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">&#8220;suspended&#8221; on the 4th of April<\/a>, then returned using the original username until a few days ago.<\/p>\n<p>At any rate, the scammer appears to be gone now.<\/p>\n<h2>Keeping your donations safe<\/h2>\n<p>One unfortunate issue with donations related to the invasion of Ukraine is that a lot of people tweeting about events as they happen don\u2019t have verified accounts. This means it\u2019s very easy for scammers to impersonate genuine people. There are some ways to try and reduce (<em>not<\/em> eliminate) this risk, though:<\/p>\n<ol>\n<li><strong>Check the account creation date<\/strong>. This is no guaranteed indicator of genuineness, but Twitter has been around a long time and a brand new account should make you suspicious.<\/li>\n<li><strong>Look for people you know<\/strong> who follow an account you\u2019re considering donating to. Mutual connections are, again, no guarantee, but you can at least ask them whether they believe the account is genuine before taking any action.<\/li>\n<li><strong>Use a donation method that can give you a refund if required<\/strong>. This means various forms of cryptocurrency and\/or wire transfers are probably not on the cards. Additionally, many people asking for help with things are using third-party payment tools which often come with money-back facilities. Someone asking you to send them bank info by email or something along those lines? Not the best of indicators.<\/li>\n<\/ol>\n<p>Whenever possible, you should be donating through approved and well-known channels. 
We realise this isn&#8217;t always possible under current circumstances, so hopefully the above tips will stop you wandering into sticky situations.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/watch-out-for-ukraine-donation-scammers-in-twitter-replies\/\">Watch out for Ukraine donation scammers in Twitter replies<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes Labs<\/a>.<\/p>\n<p><a href=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/watch-out-for-ukraine-donation-scammers-in-twitter-replies\/\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Christopher Boyd| Date: Tue, 19 Apr 2022 16:40:43 +0000<\/strong><\/p>\n<p>We take a look at scammers imitating real people on Twitter to steal badly-needed donation funds.<\/p>\n<p>The post <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\/social-engineering\/2022\/04\/watch-out-for-ukraine-donation-scammers-in-twitter-replies\/\">Watch out for Ukraine donation scammers in Twitter replies<\/a> appeared first on <a rel=\"nofollow\" href=\"https:\/\/blog.malwarebytes.com\">Malwarebytes 
Labs<\/a>.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[4622,9007,10511,3924,3985,15266,10510,454,8642],"class_list":["post-18800","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-donations","tag-invasion","tag-phish","tag-phishing","tag-scam","tag-scammer","tag-social-engineering","tag-twitter","tag-ukraine"],"_links":{"self":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18800","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=18800"}],"version-history":[{"count":0,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/18800\/revisions"}],"wp:attachment":[{"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=18800"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=18800"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=18800"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}