Top 10 Current Scams

[Student]

Fraudsters continue to develop increasingly sophisticated methods of deception, using social engineering, psychological pressure, and modern technology. What are the most popular fraudulent schemes, and how can you protect yourself from them?
Fraudsters use a variety of methods, from phone calls impersonating government agencies to fake websites and malicious apps. They often employ social engineering, intimidating victims into committing actions that lead to the loss of funds.
Let's look at the most common fraudulent schemes and methods of protection.

1. Make an appointment with a doctor​

The scam targets those who have had trouble making appointments with a doctor. Fraudsters contact people through popular messaging apps. They address them by name, feign knowledge, and gain their trust by pretending to ask how long it takes to schedule an appointment with a specialist at a clinic.
If a citizen confirms they are experiencing difficulties, scammers, posing as technical support or a service employee, offer to install "special software" on their smartphone to easily view available doctor appointments. In reality, the downloaded file, disguised as an app, is a Trojan. Once installed, the attackers gain remote access to the victim's device and online banking apps. This allows the scammers to steal all funds from their accounts.

How to protect yourself​

• Never download apps from unofficial sources, especially from links in instant messengers.
• Remember: official services do not call themselves with an offer to install software for “convenience”.
• To make an appointment with a doctor, use only the State Services portal or official clinic websites.
• If you receive any such offers, immediately end the conversation and call the clinic or verify.
• Activate the antivirus service in SBOLor install reliable antivirus software on your phone from the official app store.

2. Installing a home application​

Attackers trick victims into installing malicious apps under the guise of paying utility bills or making a doctor's appointment. In reality, the app provides remote access to the smartphone, allowing attackers to control the device and intercept confidential data.

How the scheme works​

Criminals call impersonating employees of property management companies, medical institutions, or government agencies. Under the pretext of urgently processing documents or benefits, they persuade victims to install an app supposedly needed for processing payments or receiving services. The victim is sent a link to a malicious app disguised as a utility payment service or doctor's appointment booking tool. Installing the app gives the attackers complete control of the smartphone. They will see passwords and SMS codes entered, and gain access to banking apps and their account.

How to protect yourself:​

• Do not install applications at the request of callers.
• Download apps only from official stores.
• Do not provide remote access to your device to strangers, even if they claim to be technical support.

What can attackers do with your data?​

✔ Apply for loans from microfinance organizations.
✔ Transfer your money from bank cards.
✔ Sell your personal information to other criminals.

How to protect yourself:​

• Never share SMS codes or passwords with anyone.
• Don't trust free travel packages — realbenefits are only available through government agencies.
• Verify the information by calling the SFR orPFR at the official phone number.
• Do not transfer money at the request of strangers, even if theyclaim to be from the police or the FSB.

What to do if you have already transferred the data:​

• Immediately block your account (via support service).
• Contact your bank to stop suspicious transactions.
• Submit a report to the police through website or in person.

3. Save the parents​

Fraudsters are targeting those closest and dearest to us. Posing as police, FSB, or Rosfinmonitoring officers, criminals call teenagers and deliver devastating news: their parents are allegedly facing criminal prosecution for transferring money abroad or for undeclaring income. Fearing for their parents, the child is willing to do anything to save them.
The perpetrators demand that the children conduct a "video search" of the apartment, show all their accumulated money and valuables on camera, and then hand them over to a courier for "inspection" and "declaration." Such actions, committed under duress, lead to the loss of family savings.
Thus, in early 2025, in Moscow, a 14-year-old teenager was forced to believe the story of “saving his parents” and hand over $3,500+ and foreign currency to a courier.

How to protect yourself:​

• Explain to your child that no police officer or government agency will demand money through a courier.
• Teach children to immediately contact their parents if they receive any alarming calls.
• Establish a rule: any actions with money and valuables are carried out only after consultation with adults.

4. Calling an unknown number​

Scammers trick people into calling them to bypass operator blocks. The scammers imitate notifications about a "account hack," "unauthorized access," or a "personal data leak." The subsequent message — via email, instant messaging, or SMS from an unofficial number — demands an immediate call to a specified "support" or "security" number for emergency resolution.
When a person calls the number provided, they are directed to a fraudulent contact center and are then contacted by scammers. Under the guise of "account protection" or "hack prevention," they trick the user into revealing confidential information, such as passwords, SMS codes, and passport details, or they are persuaded to transfer their savings to a "secure account."
Having gained access to the victim's accounts and banking apps, fraudsters are able to completely withdraw funds from bank accounts and cards, issue loans and credits in the victim's name, and use personal data for further blackmail or fraudulent schemes.

How to protect yourself:​

• Never call numbers from messages from unknown contacts.
• Remember: official services do not ask you to call back to a mobile number.
• To verify the information yourself, find the official support service phone number on the organization's website and call them.
• Never rush financial matters. Don't panic. Stop and take stock of the situation.

5. Scam VPN​

Fraudsters disguise malware as useful extensions and VPN services, exploiting people's trust and desire to bypass restrictions. They publish their products in official app stores, where they introduce spyware features after updates. Such programs can secretly take screenshots, monitor user activity, and steal confidential data, such as bank details, passwords, and personal correspondence. This leads to financial losses, blackmail, and fraudulent activity in the victim's name.

How to protect yourself:​

• Avoid using free VPN services and other suspicious "convenient" extensions.
• Do not download services based on advice or advertisements from dubious sources.
• Carefully review the permissions the extension requests during installation.
• Do not use unverified means to bypass blocking.
• Choose reputable VPN services whose reputations are confirmed by independent security audits and a long history of operation.
• Frequently review your installed browser extensions. Remove any unnecessary or suspicious ones. Do this regularly.

6. Earn money by listening to music​

Fraudsters create enticing offers of easy earnings of up to 1,000 rubles a day simply by listening to music. However, to get started, they require a mandatory entry fee, ostensibly to obtain "platform access" or a "starter pack."
When a user makes a payment and logs into the system, they discover that listening to music is practically free. They discover that participants' primary income comes solely from recruiting new users and reselling them access to the system. Thus, the project operates as a classic pyramid scheme, with the initial participants' earnings generated by contributions from subsequent participants.
Having gained access to victims' money and personal information, fraudsters are able to lure people into financial fraud, making them accomplices to the crime, use personal information for further fraud, and also involve them in illegal activities aimed at attracting new victims among acquaintances and friends.

How to protect yourself:​

• Never pay money for "access to earnings".
• Remember: honest work does not require prepayment.
• Explain to children how to recognize a pyramid scheme.
• Do not share personal information or bank details with strangers.
• If you encounter such a scheme, report it to law enforcement.

7. Intercom system​

Fraudsters call impersonating the management company and inform you of a scheduled replacement of your building's intercom. During the conversation, they specify the number of keys required and inform you that you'll receive a text message with a "personal door code" to obtain them.
In reality, this code is a one-time password for accessing your account. Once you give it to scammers, they gain full access to your profile.
The next stage involves calls from fake law enforcement officials, who claim that money transfers have been made in your name and accuse you of financing terrorists. During the "investigation," they insist that you transfer all funds to a "safe account" to avoid criminal liability.

How to protect yourself:​

• Remember: the management company never requests codes from SMS.
• Never give out verification codes, even if the call appears genuine.
• Call the management company yourself to verify the information.
• Never rush financial matters. Don't panic — officials don't require you to transfer money over the phone.
• Use security services for additional protection.

8. Parcel from nowhere​

Fraudsters posing as marketplace and courier service employees are tricking citizens into giving them access codes to the State Services portal.

How the scheme works​

The scammer poses as a marketplace or courier service employee and informs you about the package. They claim the order has already been paid for and ask you to schedule a delivery time.
If the victim claims they didn't order anything, the scammers respond with: "It's a gift from relatives," "There's a system error," or "A promotion from the store." The scammers create the illusion of a valuable package that would be a shame to lose.
Then, under the pretext of security requirements, the scammers ask the victim to complete verification. They send an SMS with a code supposedly needed to confirm receipt of the package. But in reality, it's an authorization code for accessing.

How to protect yourself:​

• Remember: genuine marketplaces never request codes via SMS over the phone.
• Do not give out the codes sent, even if the caller threatens to block your account.
• Verify the information by calling the companies' official numbers.
• Enable two-factor authentication and banking apps.

What to do if you have already transferred the data:​

• Block your State Services account immediately.
• Contact your bank to check suspicious transactions.
• File a report with the police in person or through the Ministry of Internal Affairs website.

9. New Scam​

In July, cases of fraud related to the MAX platform (it was presented to Russian citizens as a national messenger) were recorded.

How the scheme works​

Fraudsters call, claiming to be MAX employees, and urge users to urgently register for the new service. Citing MAX's integration with government services, they ask the user to recite a confirmation code from an SMS. In reality, the code comes from the portal. Providing this code to the scammers will give them access to the user's personal data, documents, and finances.Then comes a second call, in which the scammers inform the recipient that their account has been hacked. They threaten to take out loans and transfer funds to finance extremists. To protect the funds, the victim must urgently transfer them to a "safe account" or hand over the cash to a courier.

How to protect yourself:​

• Please note: MAX employees never call users with such requests, and there is no official integration of this messenger. Such calls are a scam.
• If you receive such a call, end the conversation immediately. Don't give in to threats or comply with demands from strangers.
• Verify information on official websites. If you have any doubts, contact service specialists.
• Never share SMS codes received to log into portals and applications with anyone.
• If you did share your code, change your passwords immediately, enable two-factor authentication, and contact support. If necessary, contact your bank.

10. Stealing money via NFC: "contactless" scam​

Fraudsters are increasingly using contactless payment technologies to steal funds from bank cards. They call victims, posing as bank or law enforcement officials, and claim that their website has been hacked, illegal transactions have been detected, or that the victim is funding the Ukrainian Armed Forces. To "protect" the funds, they suggest installing a special app on their smartphone.
The victim is then asked to tap their bank card to their phone and enter their PIN. The scammers reassure the victim that the card remains in their possession, so entering the PIN is safe. In reality, the app reads the card data via NFC and transmits it to the scammers, who are at the ATM at the time. The scammer taps their device, which also has the app, to the ATM terminal. The terminal reads the scammer's device as the victim's card, so after entering the PIN, the criminal gains access to the victim's personal account and can withdraw all funds from their accounts.

There are situations when scammers act differently:​

They call from an unknown number or through instant messaging apps and unexpectedly deliver shocking news, such as: "illegal transactions have been recorded on your account" or "your account has been hacked," etc.
The scammer aims to intimidate the victim and offers to "save" their money by installing a special app on their phone. They send a file via messenger. This file contains malware that activates on the device. The scammer then offers to withdraw money from all existing accounts and deposit it into a special "safe account" at an ATM. To do this, the victim must hold their NFC-enabled phone to the ATM.
The scammer dictates numbers that the victim uses to confirm a transfer to a so-called secure account. In reality, this is the PIN code for the drop card, and the victim deposits cash into someone else's account.
A special program installed by the scammers retransmits an NFC signal to the ATM's drop device. The ATM reads the phone's signal as a card. This allows the scammer, after entering a PIN code they tricked into revealing, to access your personal account and withdraw funds.
According to F6, damage from such attacks in the first quarter of 2025 alone amounted to $5+ million.

How to protect yourself:​

• Do not install applications from untrusted sources or from links in messages.
• Keep your PIN code secret and do not enter it in applications that are not official banking programs.
• Limit your use of NFC, turn it on only when needed and turn it off after use.
• Install antivirus software on your smartphone and update it regularly.
• Be vigilant and do not trust unknown calls, especially if they ask you to install apps or provide confidential information.

(c) Source