Skip to content

A Wave of Ukraine Crypto Phishing Scams May Get Workers Fired

Hackers posing as Ukraine-refugee charities are flooding in-boxes with email. Meanwhile, enterprises are cracking down on worker cybersecurity mistakes. It’s a dangerous combination. Here’s what employers can do.


Cybercriminals have unleashed a wave of phishing emails tied to the war in Ukraine, some targeting refugee aid workers and others attempting to trick recipients into donating cryptocurrency to fake Ukraine charities.

One of the first reported phishing attacks, detected the day Russia invaded Ukraine, contained malware-laden attachments and targeted European Union personnel managing the flight of Ukrainian refugees. That attack was linked to a cyber gang with ties to Belarus.

By mid-March, the U.K.’s national fraud reporting center had received nearly 200 accounts of bogus emails purporting to raise money for Ukraine, and a new report from email-security firm Cyren estimates that threat actors are deploying more than 100,000 fake-donation emails per day.

Know your IT risk posture

Bearing subject lines like “Help Ukraine War Victims,” the emails often originate from spoofed addresses and link to websites that claim to be charities or part of the Ukrainian government.

These phishing expeditions, which offer ways to donate cryptocurrencies like Bitcoin and Ethereum, are designed to steal personal information and direct any donated currency into the pockets of cyber gangs.

While legitimate refugee donation sites do exist—Ukrainian officials began tweeting pleas for crypto in February and have since raised some $67 million—the fraudulent domains are increasingly a danger. Besides getting bilked out of hard-earned cash, individuals who open such emails and click on links while on a work computer or connected to a work network put themselves and their organizations at risk.

[Read also: Spring4Shell vulnerability—critical details and how to protect your organization]

In the past year, more than a quarter (26%) of employees have clicked on a phishing email at work, and nearly half (40%) have sent work emails and data to the wrong person, according to a recent study of 2,000 U.S. and U.K. workers by the cybersecurity company Tessian. Even more troubling—15% admitted to sending the wrong attachment in an email to an external party, potentially breaching confidential information.

The consequences are grave:

  • Companies lose clients—Nearly a third of respondents (29%) said their business lost a customer in the wake of such errors (up from 20% in 2020).
  • Workers get fired—More than a fifth (21%) lost their job post-cyberstumble (up from 12%).

While this wave of new phishing emails has not triggered mass firings yet, it lays the groundwork for a disastrous situation. The wrong click can lead to a pink slip at a time when employers are already struggling to hire new tech workers and keep old ones.

The pressure is on employers to make sure their workers are informed, trained, and vigilant. Over the past year and a half, Endpoint has reported on the policies and perspectives of top cybersecurity officials and enterprise leaders who are taking an active role in training a tougher and smarter workforce. Here’s what the pioneers have learned.

Every worker needs to play cybersecurity defense

Cybersecurity is no longer just an IT ops or SecOps problem. Case in point: the cyberbreach of the Health Service Executive (HSE), Ireland’s largest employer, which oversees thousands of healthcare facilities across the country.

The HSE was hacked in March 2021, resulting in the encryption of 80% of its healthcare data, major service disruptions, and a malware cleanup that cost a reported $600,000. That began when one employee succumbed to the enticement of a phishing email and clicked on a malicious Microsoft Excel file.

In 2020, Covid-19 was the powerful hook used to phish people. Now we see more scams centered on crypto.

Jeff Hancock, professor of communication, Stanford University

Such emails are hard to resist. “In 2020, Covid-19 was the powerful hook used to phish people, tapping into people’s basic human need for health and safety,” noted Stanford University communication professor Jeff Hancock, in Tessian’s report, which he helped produce. “Now we see more scams centered on crypto.”

While cyberbreaches cannot be eradicated completely, risks can be significantly reduced by properly training employees. All employees.

Arizona recently did just that, instituting an annual, full-scale cybertraining of every single state employee—all 36,000 of them.
The program represented a major policy shift. And it was required of staffers, from entry level to the director level. No matter how busy or important, if people didn’t do the training, their network access and privileges could be revoked.

[Read more: Every employee must now be part of the cybersecurity team]

Enhancing worker morale can strengthen cybersecurity

Perhaps the most ominous statistic from the Tessian survey concerns what some workers aren’t saying: Of those who made some sort of cybersecurity blunder, 21% chose not to report the mistake to their IT team in 2021 (up from 16% in 2020).

At heart, that kind of behavior is driven by a fear of the consequences and ultimately reflects an atmosphere of distrust and low morale. But how to solve that?

One option is to let IT teams lead the way, offering employees the same kind of seamless tech experience that IT provides to customers. The more IT can meet its internal users’ expectations, the more engaged those workers will become. More worker engagement leads to better interactions with customers (which translates into profits) and more attention to external threats.

[Read more: Improving the digital employee experience]

Investments in new technology pay defense dividends

And why stop there? CEOs and CIOs are increasingly turning to less traditional, more creative ways to boost worker morale and combat burnout. One new frontier, in particular—the metaverse—may offer some promising options.

Bill Gates, Mark Zuckerberg, and an array of other business and tech leaders believe the metaverse—alternate 3-D realities accessed via virtual reality (VR) headsets and online platforms—may be where more and more of us will be spending our time. And not just for recreation. Business owners are exploring the ways in which this new technology can be used to hold virtual meetings and conferences.

“We seized the pandemic as an opportunity to rewire how we conducted employee meetings,” said Bret Starr, CEO of the B2B marketing agency Starr Conspiracy. Starr recently invested more than $20,000 on VR headsets to be used for meetings and observed a deeper connection between employees as a result.

Endpoint spoke to Starr and other business leaders in February for the first report in a series on how enterprises are using the metaverse to their advantage.

[Read more: Are metaverse meetings the answer to better employee engagement?]

Phishing scams rise in times of crisis. So does stress. As the Tessian report notes, “When employees are overwhelmed and stressed, they make mistakes that compromise security.” A human-first approach to security can help alleviate that problem.

“By empowering employees to make security decisions,” the report concludes, “people become another layer of defense in the enterprise.” And these days, we need all the defense we can get.

Joseph V. Amodio

Joseph V. Amodio is a veteran journalist, television writer, and the Editor-in-Chief of Focal Point. His work has appeared in The New York Times Magazine, Men's Health, Newsday, Los Angeles Times,, and, and has been syndicated in publications around the world. His docudramas have aired on Netflix, Discovery, A&E, and other outlets. He also produces Tanium’s new Let’s Converge podcast—listen here.

Tanium Subscription Center

Get Tanium digests straight to your inbox, including the latest thought leadership, industry news and best practices for IT security and operations.