It’s easy to forget, when a hybrid war like the one currently raging in Ukraine is occupying so much attention, that ordinary criminal lowlifes continue to seek victims, and the war only gives them another pretext to dangle in front of the unwary.

That’s happening right now. Avast warns that criminals have begun, in their sorry but entirely foreseeable way, to exploit people’s sympathies for those suffering in Ukraine. “As cybercriminals seek to take advantage of the chaos,” the company writes in its blog, “we have tracked in the last 48 hours a number of scammers who are tricking people out of money by pretending they are Ukrainians in desperate need of financial help. In the past, we have seen similar scams for people stuck while traveling or looking for love. Unfortunately, these attackers do not operate ethically and will use any opportunity to get money out of people willing to help others in need. What’s suspicious is the immediate mention of Bitcoin, as well as the usernames that consist only of letters and numbers.”

Other criminals (and here Avast credits their colleagues at ESET) are hawking “UkraineTokens,” whatever those might be. In that scam the crooks are combining sympathy with fashion. It’s easy to imagine the marks thinking, well, we’d like to help, and didn’t we see ads for tokens or something on T.V.? Maybe that’s how things are done nowadays. The UkraineToken scam is fairly easy to see through, since it’s marked with the poor grammar and loose idiomatic control that usually distinguishes fraudulent pitches.

This kind of social engineering hasn’t been confined to any one channel, Avast points out. “There have also been reports of similar scams spreading on TikTok and other social media sites. In general, we strongly advise not to send any money to unknown people directly, especially in any form of cryptocurrency, as it is virtually impossible to deduce if it is a person in need or a scammer.”

If you’re moved to help, Avast advises doing so through well-known, credible, trusted organizations, and doing so through those organization’s official websites, not through links shared in social media.

It’s sad that criminals would seek to take advantage of people’s best impulses during a time of crisis, but such is the criminal world. New-school security awareness training can enable your employees to thwart both sophisticated and rudimentary phishing attacks.