Rise in Impersonation Attacks Related to Ukraine

Impersonation used for donation scams and misinformation

The events happening in Europe are heartbreaking. Sadly, when we are emotionally vulnerable, our defenses are lower, and we are more likely to fall for fraud and scams.

On social media platforms, we have seen a sharp increase in the number of accounts impersonating the president of Ukraine, Volodymyr Zelenskyy. The two primary goals of such accounts have been seeking donations and spreading propaganda/misinformation.

Rise in Impersonation Accounts

Our analysis on March 1 showed at least 14 impersonation accounts on Instagram, created between Feb 25 and March 1, that claimed to be the official or private accounts of Volodymyr Zelenskyy.

Official and impersonation accounts of the president of Ukraine on Instagram
Official (top) and impersonation (bottom) accounts of the president of Ukraine

All accounts used the picture, bio and posts that impersonated the president. Majority of these accounts had raked up between 500 and 3500 followers within a very short period even hours.

Note that the official account of the president on Instagram is @zelenskiy_official. It has the verified blue check mark and has over 14 million followers.

As of March 3, 12 of the 14 impersonation accounts on IG were down, but new impersonation accounts had taken their place.

Role of Account Takeovers

Of the 14 impersonation accounts we found, 7 were newly created and 7 were account takeovers. In the case of account takeover, fraudsters steal account passwords/credentials of existing accounts.

Because the accounts have been in existence for longer periods and likely have more followers, attackers can avoid detection by platforms’ fraud detection algorithms.

In the case of inactive accounts, the legitimate users are not aware of the takeover and do not report the issue to the platform.

Fan Accounts can be Misleading

In our analysis of impersonation accounts on Instagram, we are not including 90+ accounts that explicitly state that they are fan accounts. However, we observed at least one fan account that redirected to an external Telegram account that was an impersonation account seeking donations.

Platforms such as Instagram allow fan accounts (3 examples above)


What You Can Do

If you haven’t already, enable 2FA for your social media accounts to reduce the chance of account takeover.

Before you make a donation, please verify the legitimacy of the charity/organization. Prefer credit card/checks instead of cash, wire transfers or gift cards.

Verify the information you are reading on social media with at least one other news or fact-checking website.

Enable 2FA for your social media accounts

Please be aware and vigilant and protect yourself online. Have questions or comments? Contact us at [email protected].

To understand how the Eydle platform can identify and take down impersonation accounts on social media contact us or visit www.eydle.com.


Rise in Impersonation Attacks Related to Ukraine was originally published in Eydle on Medium, where people are continuing the conversation by highlighting and responding to this story.

Share this :

Read more articles