Cybersecurity threat actors have used the Russian invasion of Ukraine to target phishing victims, according to a new report.

The February 2022 Top Attack Vector Report from Expel identified the trend, noting that phishing was the largest attack vector observed during the month. Of the incidents investigated by the research team, 57% were the effect of phishing.

The report found threat actors posing as legitimate Ukraine aid organizations. In one examined case, a threat actor posed as a children's hospital director asking for assistance for staff and patients. The report found the following common phrases in the subject lines of these cryptocurrency scam emails:

  • “Help - Bitcoin”
  • “Payment from your account”
  • “Help save children in ukraine”
  • “Crypto - Account”
  • “Ukraine Donations”

There are ways to ensure that cryptocurrency donations meant for Ukraine aid are sent to the correct wallet, according to Jon Hencinski, Director of Global Operations at Expel. "It's horrible that bad actors are trying to take advantage of the crisis in Ukraine for personal gain. We want people to be aware of these scams at play so those thinking of donating can verify their donations are going to a legitimate place to help those in need," he said.

"If you're thinking about donating crypto, double-check the public wallet address and transaction history before hitting 'send.' You can review transaction history of a public wallet address using block chain explorer sites like and Polkascan."

Users and organizations looking to donate can also check the Ukraine government's verified Twitter account, where the information for multiple cryptocurrency wallets has been shared, according to Hencinski.

For more ways to deter phishing attacks, read the full report.