Top 10 Current Scams

[Student]

Fraudsters continue to develop increasingly sophisticated methods of deception, using social engineering, psychological pressure, and modern technology. What are the most popular fraudulent schemes, and how can you protect yourself from them?
Fraudsters use a variety of methods, from phone calls impersonating government agencies to fake websites and malicious apps. They often employ social engineering, intimidating victims into committing actions that lead to the loss of funds.
Let's look at the most common fraudulent schemes and methods of protection.

1. Make an appointment with a doctor​

The scam targets those who have had trouble making appointments with a doctor. Fraudsters contact people through popular messaging apps. They address them by name, feign knowledge, and gain their trust by pretending to ask how long it takes to schedule an appointment with a specialist at a clinic.
If a citizen confirms they are experiencing difficulties, scammers, posing as technical support or a service employee, offer to install "special software" on their smartphone to easily view available doctor appointments. In reality, the downloaded file, disguised as an app, is a Trojan. Once installed, the attackers gain remote access to the victim's device and online banking apps. This allows the scammers to steal all funds from their accounts.

How to protect yourself​

• Never download apps from unofficial sources, especially from links in instant messengers.
• Remember: official services do not call themselves with an offer to install software for “convenience”.
• To make an appointment with a doctor, use only the State Services portal or official clinic websites.
• If you receive any such offers, immediately end the conversation and call the clinic or verify.
• Activate the antivirus service in SBOLor install reliable antivirus software on your phone from the official app store.

2. Installing a home application​

Attackers trick victims into installing malicious apps under the guise of paying utility bills or making a doctor's appointment. In reality, the app provides remote access to the smartphone, allowing attackers to control the device and intercept confidential data.

How the scheme works​

Criminals call impersonating employees of property management companies, medical institutions, or government agencies. Under the pretext of urgently processing documents or benefits, they persuade victims to install an app supposedly needed for processing payments or receiving services. The victim is sent a link to a malicious app disguised as a utility payment service or doctor's appointment booking tool. Installing the app gives the attackers complete control of the smartphone. They will see passwords and SMS codes entered, and gain access to banking apps and their account.

How to protect yourself:​

• Do not install applications at the request of callers.
• Download apps only from official stores.
• Do not provide remote access to your device to strangers, even if they claim to be technical support.

What can attackers do with your data?​

✔ Apply for loans from microfinance organizations.
✔ Transfer your money from bank cards.
✔ Sell your personal information to other criminals.

How to protect yourself:​

• Never share SMS codes or passwords with anyone.
• Don't trust free travel packages — realbenefits are only available through government agencies.
• Verify the information by calling the SFR orPFR at the official phone number.
• Do not transfer money at the request of strangers, even if theyclaim to be from the police or the FSB.

What to do if you have already transferred the data:​

• Immediately block your account (via support service).
• Contact your bank to stop suspicious transactions.
• Submit a report to the police through website or in person.

3. Save the parents​

Fraudsters are targeting those closest and dearest to us. Posing as police, FSB, or Rosfinmonitoring officers, criminals call teenagers and deliver devastating news: their parents are allegedly facing criminal prosecution for transferring money abroad or for undeclaring income. Fearing for their parents, the child is willing to do anything to save them.
The perpetrators demand that the children conduct a "video search" of the apartment, show all their accumulated money and valuables on camera, and then hand them over to a courier for "inspection" and "declaration." Such actions, committed under duress, lead to the loss of family savings.
Thus, in early 2025, in Moscow, a 14-year-old teenager was forced to believe the story of “saving his parents” and hand over $3,500+ and foreign currency to a courier.

How to protect yourself:​

• Explain to your child that no police officer or government agency will demand money through a courier.
• Teach children to immediately contact their parents if they receive any alarming calls.
• Establish a rule: any actions with money and valuables are carried out only after consultation with adults.

4. Calling an unknown number​

Scammers trick people into calling them to bypass operator blocks. The scammers imitate notifications about a "account hack," "unauthorized access," or a "personal data leak." The subsequent message — via email, instant messaging, or SMS from an unofficial number — demands an immediate call to a specified "support" or "security" number for emergency resolution.
When a person calls the number provided, they are directed to a fraudulent contact center and are then contacted by scammers. Under the guise of "account protection" or "hack prevention," they trick the user into revealing confidential information, such as passwords, SMS codes, and passport details, or they are persuaded to transfer their savings to a "secure account."
Having gained access to the victim's accounts and banking apps, fraudsters are able to completely withdraw funds from bank accounts and cards, issue loans and credits in the victim's name, and use personal data for further blackmail or fraudulent schemes.

How to protect yourself:​

• Never call numbers from messages from unknown contacts.
• Remember: official services do not ask you to call back to a mobile number.
• To verify the information yourself, find the official support service phone number on the organization's website and call them.
• Never rush financial matters. Don't panic. Stop and take stock of the situation.

5. Scam VPN​

Fraudsters disguise malware as useful extensions and VPN services, exploiting people's trust and desire to bypass restrictions. They publish their products in official app stores, where they introduce spyware features after updates. Such programs can secretly take screenshots, monitor user activity, and steal confidential data, such as bank details, passwords, and personal correspondence. This leads to financial losses, blackmail, and fraudulent activity in the victim's name.

How to protect yourself:​

• Avoid using free VPN services and other suspicious "convenient" extensions.
• Do not download services based on advice or advertisements from dubious sources.
• Carefully review the permissions the extension requests during installation.
• Do not use unverified means to bypass blocking.
• Choose reputable VPN services whose reputations are confirmed by independent security audits and a long history of operation.
• Frequently review your installed browser extensions. Remove any unnecessary or suspicious ones. Do this regularly.

6. Earn money by listening to music​

Fraudsters create enticing offers of easy earnings of up to 1,000 rubles a day simply by listening to music. However, to get started, they require a mandatory entry fee, ostensibly to obtain "platform access" or a "starter pack."
When a user makes a payment and logs into the system, they discover that listening to music is practically free. They discover that participants' primary income comes solely from recruiting new users and reselling them access to the system. Thus, the project operates as a classic pyramid scheme, with the initial participants' earnings generated by contributions from subsequent participants.
Having gained access to victims' money and personal information, fraudsters are able to lure people into financial fraud, making them accomplices to the crime, use personal information for further fraud, and also involve them in illegal activities aimed at attracting new victims among acquaintances and friends.

How to protect yourself:​

• Never pay money for "access to earnings".
• Remember: honest work does not require prepayment.
• Explain to children how to recognize a pyramid scheme.
• Do not share personal information or bank details with strangers.
• If you encounter such a scheme, report it to law enforcement.

7. Intercom system​

Fraudsters call impersonating the management company and inform you of a scheduled replacement of your building's intercom. During the conversation, they specify the number of keys required and inform you that you'll receive a text message with a "personal door code" to obtain them.
In reality, this code is a one-time password for accessing your account. Once you give it to scammers, they gain full access to your profile.
The next stage involves calls from fake law enforcement officials, who claim that money transfers have been made in your name and accuse you of financing terrorists. During the "investigation," they insist that you transfer all funds to a "safe account" to avoid criminal liability.

How to protect yourself:​

• Remember: the management company never requests codes from SMS.
• Never give out verification codes, even if the call appears genuine.
• Call the management company yourself to verify the information.
• Never rush financial matters. Don't panic — officials don't require you to transfer money over the phone.
• Use security services for additional protection.

8. Parcel from nowhere​

Fraudsters posing as marketplace and courier service employees are tricking citizens into giving them access codes to the State Services portal.

How the scheme works​

The scammer poses as a marketplace or courier service employee and informs you about the package. They claim the order has already been paid for and ask you to schedule a delivery time.
If the victim claims they didn't order anything, the scammers respond with: "It's a gift from relatives," "There's a system error," or "A promotion from the store." The scammers create the illusion of a valuable package that would be a shame to lose.
Then, under the pretext of security requirements, the scammers ask the victim to complete verification. They send an SMS with a code supposedly needed to confirm receipt of the package. But in reality, it's an authorization code for accessing.

How to protect yourself:​

• Remember: genuine marketplaces never request codes via SMS over the phone.
• Do not give out the codes sent, even if the caller threatens to block your account.
• Verify the information by calling the companies' official numbers.
• Enable two-factor authentication and banking apps.

What to do if you have already transferred the data:​

• Block your State Services account immediately.
• Contact your bank to check suspicious transactions.
• File a report with the police in person or through the Ministry of Internal Affairs website.

9. New Scam​

In July, cases of fraud related to the MAX platform (it was presented to Russian citizens as a national messenger) were recorded.

How the scheme works​

Fraudsters call, claiming to be MAX employees, and urge users to urgently register for the new service. Citing MAX's integration with government services, they ask the user to recite a confirmation code from an SMS. In reality, the code comes from the portal. Providing this code to the scammers will give them access to the user's personal data, documents, and finances.Then comes a second call, in which the scammers inform the recipient that their account has been hacked. They threaten to take out loans and transfer funds to finance extremists. To protect the funds, the victim must urgently transfer them to a "safe account" or hand over the cash to a courier.

How to protect yourself:​

• Please note: MAX employees never call users with such requests, and there is no official integration of this messenger. Such calls are a scam.
• If you receive such a call, end the conversation immediately. Don't give in to threats or comply with demands from strangers.
• Verify information on official websites. If you have any doubts, contact service specialists.
• Never share SMS codes received to log into portals and applications with anyone.
• If you did share your code, change your passwords immediately, enable two-factor authentication, and contact support. If necessary, contact your bank.

10. Stealing money via NFC: "contactless" scam​

Fraudsters are increasingly using contactless payment technologies to steal funds from bank cards. They call victims, posing as bank or law enforcement officials, and claim that their website has been hacked, illegal transactions have been detected, or that the victim is funding the Ukrainian Armed Forces. To "protect" the funds, they suggest installing a special app on their smartphone.
The victim is then asked to tap their bank card to their phone and enter their PIN. The scammers reassure the victim that the card remains in their possession, so entering the PIN is safe. In reality, the app reads the card data via NFC and transmits it to the scammers, who are at the ATM at the time. The scammer taps their device, which also has the app, to the ATM terminal. The terminal reads the scammer's device as the victim's card, so after entering the PIN, the criminal gains access to the victim's personal account and can withdraw all funds from their accounts.

There are situations when scammers act differently:​

They call from an unknown number or through instant messaging apps and unexpectedly deliver shocking news, such as: "illegal transactions have been recorded on your account" or "your account has been hacked," etc.
The scammer aims to intimidate the victim and offers to "save" their money by installing a special app on their phone. They send a file via messenger. This file contains malware that activates on the device. The scammer then offers to withdraw money from all existing accounts and deposit it into a special "safe account" at an ATM. To do this, the victim must hold their NFC-enabled phone to the ATM.
The scammer dictates numbers that the victim uses to confirm a transfer to a so-called secure account. In reality, this is the PIN code for the drop card, and the victim deposits cash into someone else's account.
A special program installed by the scammers retransmits an NFC signal to the ATM's drop device. The ATM reads the phone's signal as a card. This allows the scammer, after entering a PIN code they tricked into revealing, to access your personal account and withdraw funds.
According to F6, damage from such attacks in the first quarter of 2025 alone amounted to $5+ million.

How to protect yourself:​

• Do not install applications from untrusted sources or from links in messages.
• Keep your PIN code secret and do not enter it in applications that are not official banking programs.
• Limit your use of NFC, turn it on only when needed and turn it off after use.
• Install antivirus software on your smartphone and update it regularly.
• Be vigilant and do not trust unknown calls, especially if they ask you to install apps or provide confidential information.

(c) Source

 

[chushpan]

Here is a comprehensive and detailed expansion on the top current scams, including their mechanics, psychological triggers, specific real-world examples, and robust protection strategies.

Understanding the Modern Scammer's Playbook​

Before diving into the list, it's crucial to understand that modern scams are sophisticated psychological operations. They don't just rely on greed anymore; they exploit fear, urgency, trust, and our desire to help loved ones. The common thread is social engineering — manipulating human psychology rather than hacking complex software.

The Top 10 Current Scams: A Deep Dive​

1. Phishing & Smishing: The Digital Deception Epidemic​

• The Full Mechanics: This isn't just one scam; it's a delivery method for many others. Scammers send mass emails (Phishing) or texts (Smishing — SMS Phishing) that mimic legitimate organizations. The pretext is designed to trigger an emotional response:
  • Urgency/Fear: "Your account will be closed in 24 hours!" or "Suspicious login attempt detected!"
  • Curiosity/Reward: "You have a pending package delivery." or "You are eligible for a government refund."
  • The message contains a link to a fraudulent website that is a near-perfect replica of the real one.
• Advanced Tactics (Vishing & Quishing):
  • Vishing (Voice Phishing): A follow-up phone call from a "representative" to add pressure and legitimacy.
  • Quishing (QR Code Phishing): Scammers send a QR code in an email or place a fraudulent sticker over a legitimate one on a parking meter or restaurant table. Scanning it takes you to the malicious site.
• Real-World Example: You get a text from "Amazon": "Alert: A purchase of a $1,299 MacBook Pro has been made on your account. If this was not you, click here: [malicious link] to dispute the charge." Panicked, you click and enter your Amazon login credentials, which are now stolen.
• How to Protect Yourself:
  • Never click the link. Hover over it to see the true, often mismatched, URL.
  • Go to the source. Open your browser and go to the company's website directly to check your account.
  • Scrutinize the sender. Look for slight misspellings in the email address (e.g., service@amaz0n-support.net).
  • Enable Multi-Factor Authentication (MFA/2FA): This makes stolen passwords useless.

2. The "Hi Mom" / "Grandparent" Scam: The Emotional Hijack​

• The Full Mechanics: This scam is brutally effective because it targets the heart. A scammer, posing as a family member (most commonly a grandchild), sends a text to a random number starting with, "Hi Mom, I broke my phone, this is my new number." After a brief exchange to build credibility, the "emergency" is revealed: a car accident, a legal fine, or a medical bill that needs immediate payment, with a plea to keep it a secret from other family members.
• Advanced Tactics: Scammers now use AI to clone the voice of a loved one from social media clips, making a follow-up phone call terrifyingly convincing.
• Real-World Example: "Mom, I'm so sorry. I was in a car accident and my phone is shattered. I'm using a friend's. I need $3,000 for the deductible right now or they're going to impound the car. Please don't tell Dad, he'll be so mad. Can you send it via Bitcoin at this kiosk?"
• How to Protect Yourself:
  • Establish a family safe word. A simple code word that can be used to verify identity in an emergency.
  • Verify through a known channel. Call the person back on the number you have saved for them. If they claim their phone is broken, call another family member who can confirm their whereabouts.
  • Resist the urgency. The need for secrecy and speed is the scammer's greatest weapon. Slow down.

3. Romance Scams / "Pig Butchering" (Crypto Romance Scams)​

• The Full Mechanics: This is a long-term, calculated con. The name "Pig Butchering" comes from the process of "fattening" a victim with affection and trust before "slaughtering" them financially. A scammer creates a fake profile on a dating app or social media and initiates a relationship. Over weeks or months, they build deep trust and emotional dependence. Then, they casually introduce a "can't-miss" crypto or forex trading opportunity.
• The Funnel: They guide you to a fake, but professional-looking, trading platform. You invest a small amount and see fantastic, fake returns. Encouraged to invest more, you eventually try to withdraw your "profits," only to be hit with insurmountable "fees" or taxes. The platform then vanishes, and the "lover" disappears.
• Real-World Example: After two months of daily texts and video calls (where the scammer's camera is always "broken"), your new partner says their uncle is a financial analyst who knows about a crypto coin about to skyrocket. You invest $5,000 on their recommended platform and see it grow to $50,000 in a week. When you try to withdraw, the "support team" says you need to pay a $5,000 "withdrawal verification fee." You pay, and then they ask for more.
• How to Protect Yourself:
  • Never send money or invest with someone you've only met online.
  • Reverse image search their profile pictures — they are often stolen.
  • Be wary of anyone who avoids video calls or has a consistently tragic story preventing them from meeting.
  • Understand that legitimate investment opportunities are not found through romantic partners on dating apps.

4. Government & Bank Imposter Scams: Authority and Fear​

• The Full Mechanics: Scammers spoof caller ID to make it appear they are calling from the IRS, Social Security Administration, or your local bank. They use official-sounding language and badge numbers to sound legitimate. The story is always dire: your Social Security number is linked to crime and has been "suspended," you owe back taxes, or your bank account has been compromised.
• The Goal: To scare you into "verifying your identity" (by giving up your SSN and bank details) or making an immediate payment to avoid arrest, deportation, or asset seizure.
• Real-World Example: "This is Officer Miller from the Social Security Administration. Your Social Security number has been flagged for involvement in a drug trafficking ring in Texas. To avoid immediate arrest, you must go to Walmart and purchase $2,500 in Google Play gift cards and read me the codes to clear your name."
• How to Protect Yourself:
  • Know this absolute rule: No government agency or legitimate bank will EVER demand payment via gift cards, wire transfers, or cryptocurrency. They will not threaten you with immediate arrest over the phone.
  • Hang up immediately. Do not press any buttons to "speak to an agent."
  • Call back on a verified number. Find the official customer service number on the agency's or bank's genuine website and call them directly.

5. Fake Job Offer Scams: Exploiting Hope​

• The Full Mechanics: Scammers post fake job listings on major platforms like LinkedIn and Indeed for attractive, fully-remote positions. They conduct a quick, text-based "interview" and send a glowing offer letter. The scam then takes one of two paths:
  1. The Fake Check Scam: They send you a check to buy "home office equipment" from a "preferred vendor." The check is fake, but the money you send to the vendor (the scammer) is real.
  2. The Identity Theft Scam: They request a copy of your driver's license, Social Security number, and bank details for "onboarding," which they then use to commit identity theft.
• Real-World Example: You're hired as a "Data Entry Specialist" for a seemingly legitimate company. They overnight a check for $4,800. You're instructed to deposit it, keep $800 as your "signing bonus," and wire $4,000 to the "IT vendor" for your computer setup. Days later, the bank informs you the check was fraudulent, and you are responsible for the entire $4,800.
• How to Protect Yourself:
  • Be wary of jobs that require no experience and offer high pay for little work.
  • A legitimate employer will never send you a check before you've started work.
  • Research the company extensively. A professional website and a presence on multiple platforms is a good sign. A single, poorly written site is a red flag.

6. Online Shopping & Fake Website Scams: The Illusion of a Deal​

• The Full Mechanics: Scammers use Facebook and Instagram ads to promote luxury goods, popular electronics, designer items, or pets at deeply discounted prices. The websites they link to are often very convincing, with stolen product images, fake "About Us" pages, and bogus customer testimonials.
• The Goal: To steal your credit card information and either send you a cheap counterfeit or nothing at all ("cyber-shoplifting").
• Real-World Example: An ad shows a Weber Genesis grill for $199 (normally $1,000). The site, WeberOutlets.com, looks professional. You enter your payment info and receive a confirmation email. Weeks go by with no shipment, and the site eventually disappears.
• How to Protect Yourself:
  • If the price seems too good to be true, it is.
  • Check the domain's age. Use a free whois lookup tool; scam sites are often only weeks or months old.
  • Look for contact information. A lack of a physical address or a working customer service phone number is a major red flag.
  • Pay with a credit card. Credit cards offer the best fraud protection and allow you to dispute charges.

7. Tech Support Scams: The False Authority​

• The Full Mechanics: You receive a pop-up alert on your computer (often while browsing a questionable website) that locks your browser, claiming your system is infected. It displays a legitimate-looking logo (Microsoft, Apple) and a phone number to call. Alternatively, you may get an unsolicited phone call from someone claiming to be from "Windows Support."
• The Goal: To gain remote access to your computer. Once in, they can:
  • Install malware to steal passwords and files.
  • "Demonstrate" non-existent problems to scare you into paying for fake software or services.
  • Hold your files for ransom.
• Real-World Example: A loud, alarming siren plays from your browser with a message: "CRITICAL VIRUS DETECTED! CALL MICROSOFT SECURITY AT 1-800-XXX-XXXX IMMEDIATELY!" You call, and the "technician" guides you to the Windows Event Viewer (a normal log of system events) and points to normal errors as "proof" of infection.
• How to Protect Yourself:
  • No legitimate company monitors your computer proactively. Anyone who calls you claiming to do so is a scammer.
  • If you get a pop-up, do not call the number. Force-quit your browser (Task Manager on Windows, Force Quit on Mac). Restart your computer if necessary.
  • Never, under any circumstances, grant remote access to your computer to an unsolicited contact.

8. Cryptocurrency "Investment" Schemes & Rug Pulls​

• The Full Mechanics: In the unregulated crypto world, "Rug Pulls" are common. Developers create a new token, promote it heavily on social media (Twitter, TikTok) with promises of huge returns, and create artificial hype to drive up the price and trading volume ("pumping"). Once a significant amount of money from investors pours in, the creators sell all their holdings at once ("dumping"), crashing the token's value to zero and disappearing with the investors' funds.
• Real-World Example: A token called "SquidGameCoin" is promoted by influencers. The price goes up 1000% in a week. FOMO (Fear Of Missing Out) sets in, and more people buy. Suddenly, the developers sell, the liquidity is pulled from the exchange, and the coin becomes worthless. Investors cannot sell their holdings.
• How to Protect Yourself:
  • Be extremely skeptical of coins promoted solely on social media.
  • Research the development team. Are they anonymous? If so, it's a huge risk.
  • Understand that guaranteed high returns are a fantasy and the hallmark of a scam.

9. Fake Rental Listings: The Dream Home That Isn't There​

• The Full Mechanics: Scammers take listings for homes for sale or rent, copy the photos and description, and create a new ad on Craigslist or Facebook Marketplace with a much lower price. They claim to be out of the country on mission work or for a job and say they need a security deposit and first month's rent to "mail you the keys."
• The Goal: To get your money for a property they do not own or manage before you realize it's a scam.
• Real-World Example: You find a beautiful apartment for rent at half the market rate. The "landlord" says they are in London for a year and can only communicate via email. They ask for a $1,500 deposit via Zelle to "secure" the property, promising to express mail the keys. After you pay, they cease all communication.
• How to Protect Yourself:
  • Never rent a property you (or a trusted friend) have not personally toured inside.
  • Reverse image search the listing photos. If they appear on other real estate sites under a different agent or for sale, it's a scam.
  • Be wary of landlords who are "unavailable" and only accept electronic payments.

10. The AI-Powered Deepfake Scam​

• The Full Mechanics: This is an emerging and highly sophisticated threat. Scammers use publicly available video or audio clips from social media to create a convincing "deepfake" — a synthetic media — of a person's likeness or voice. They then use this in a vishing (voice phishing) attack.
• Real-World Example: A CFO receives a video call from what appears to be the CEO. The video is slightly off, and the audio is choppy (blamed on a "bad connection"), but the face and voice are recognizable. The "CEO" instructs the CFO to immediately wire $250,000 to a new vendor for a "time-sensitive acquisition." The pressure and apparent legitimacy cause the CFO to comply.
• How to Protect Yourself:
  • Establish verification protocols. In any business setting, large financial transactions should require secondary verification through a different channel (e.g., a phone call to a known number).
  • Be suspicious of unusual requests, especially those demanding secrecy and speed.
  • Look for digital artifacts in the video, like unnatural blinking, poor lip-syncing, or glitchy edges around the face.

The Ultimate Defense Strategy​

1. Pause and Question Urgency: Scammers demand immediate action. Legitimate matters can wait for verification.
2. Verify Independently: Hang up, close the email, and contact the organization or person using a known, official method.
3. Guard Your Digital Keys: Your passwords, Social Security number, and one-time passcodes are the keys to your kingdom. Never give them out.
4. Know the Payment Red Flags: Gift cards, wire transfers, and cryptocurrency are the payment methods of choice for scammers because they are irreversible. Any request for payment this way is a guaranteed scam.
5. Trust Your Gut: If something feels wrong, it probably is. It's better to be rude and safe than polite and sorry.

Staying informed and maintaining a healthy level of skepticism are your most powerful tools in the fight against these ever-evolving threats.