The bad actors are once again up to their old tricks in search of ill-gotten profits, and this time they have set their sights on Ukraine. In order to take advantage of the ongoing war in the country, they are using an old, reliable tool to trick internet users: domain names.
More than 4,200 Ukraine-related domain names have been registered since Russian troops invaded the country last week, according to the domain monitoring service.
For the past week, DomainTools has been tracking newly registered domain names with the terms "Ukraine" or "Ukrainian" in them. The data has been made available to the public.
On the day Russia invaded, the number of domain name registrations jumped from 46 to more than 200.
It is important to note that not all of the domain name registration are malicious. A number of likely scam have been uncovered by preliminary research into the data by both DomainTools and Mashable. Within hours of the invasion of Feb 24, DomainTools discovered a number of URLs that were set up to take donations. The Federal Trade Commission warns against emotionally charged appeals for donations that do not include details about how the money will be used.
There are similar Ukraine-related domains being used for apparent scam. A website at the URL was set up quickly. Donations can be found on the site, which can be used to send users to a number of different cryptocurrencies.
There is no mention of where the donations will go on the website. A search for the wallet address on the internet turned up a website where users can report scam websites. The website is no longer resolving at the domain.
A number of wallet addresses that have not previously been shared online are listed on a website posing as a charity. The website doesn't say which organization these donations will go to.
Other URLs related to the conflict in Ukraine seem to point to other possible scam. One domain pointed to a website and another forwarded users to real estate listings in other countries.
Nefarious actors have long weaponized URLs in order to scam users out of money or steal their personal information. The tactic exploded during the COVID-19 Pandemic as thousands of domain names were registered promoting the vaccine in order to trick people into thinking they were visiting official health websites.
You can find legitimate Ukraine aid organizations here.