Cybersecurity expert names five most common schemes to deceive the population in 2025

And the maximum number of fraudulent calls on certain days exceeded 20 million per day - this is the largest figure in the world. The former FSB officer, now the director of investigations of the digital asset security platform "SHARD" Grigory Osipov, told MK about the latest methods of deceiving Russians and what citizens can do to protect themselves.

Scenarios of criminal schemes

— What new types of fraud have criminals come up with recently?

— In 2025, fraudsters continue to improve their schemes, actively using digital technologies and social engineering, as well as adapting to the measures taken by the authorities to combat them.

— If we talk about the most common scenarios used by scammers, what are their main tricks?

— First of all, these are fake calls on behalf of departments or delivery services. Fraudsters pose as employees of government agencies in order to gain access to personal information or finances of victims. They can report fictitious problems and demand urgent action. This includes the notorious “safe account” scheme, calls allegedly from the tax service, bailiff service and notaries. There are several scenarios for constructing a conversation with victims.

The first is when scammers call, claiming that a contract with a mobile operator needs to be renewed, and ask for a code from an SMS to gain access to the victim’s account.

Another option: the victim is informed about alleged attempts to raid the apartment and is offered to "help" the special services to "protect" the property. As a result, the victim is convinced to transfer the apartment to another person and transfer the money "to a safe place."

Another common scheme is when fraudsters claim that they are trying to steal money from the victim and offer to install a supposedly official Central Bank application, which is actually malicious. After installation, the victim is asked to hold the card to the phone and enter an SMS code, which allows the criminals to create a virtual copy of the card and withdraw money using contactless payment.

However, given the strengthening of anti-fraud policies by banks, fraudsters are increasingly asking to withdraw cash and hand it over to couriers in order to bypass blocking of online transfers.

"Fake Boss"

- But this is only the first type of fraud. What else did they come up with then?

— In second place, I would put messages in messengers on behalf of managers. For brevity, this method of deception is often called "Fake Boss." Fraudsters send messages to employees or acquaintances of victims, posing as superiors or relatives, with requests for urgent money transfers or other financial transactions.

This scheme is based on social engineering and trust. Here, either there is a "transfer" to a law enforcement officer, if, for example, there was an alleged leak of personal data of company employees, or to an employee of the "bank" or tax service, if it is necessary to allegedly sort out some issue.

— Are we talking about so-called deepfakes – the creation of realistic videos with friends and relatives?

— Yes, scammers use artificial intelligence (AI) technologies to create realistic voices and videos. With the help of AI, they imitate the voices of relatives, bank employees or government officials to convince the victim of the need for an urgent transfer of funds. Deepfakes with celebrities are also used — falsified videos in which famous people allegedly make certain statements. This increases the trust of victims in scammers and increases the likelihood of a successful deception.

— Last year, many experts warned about the theft of accounts on the State Services portal.

— Yes, this scheme is still in place. Fraudsters actively use phishing mailings and fake notifications (for example, about fines for traffic violations) with an offer to pay the fine at a discount via a link leading to fake websites. The goal is to gain access to citizens' accounts in order to then use them for fraudulent purposes.

— Has anything new appeared here?

— The innovation here is that fraudsters approach citizens under the pretext of establishing a self-prohibition on loans (which has only been in effect in our country since March) and through this trick they gain access to the service.

— Is this already the third fraud scheme?

— Rather, this shows that criminals are actively following Russian news. The third innovation of the scammers can be called the creation of fake Telegram bots. Attackers create thematic Telegram bots, for example, related to training or some holidays and events that promise gifts or prizes for subscribing to certain channels. Such bots act on behalf of popular services (for example, marketplaces) and use phishing, account hijacking and advertising of investment frauds through social networks, with subsequent redirection to Telegram channels.

Cybercombinators

— What comes in fourth place then?

— Fake online stores and payment fraud with delivery. Since 2025, the number of cases has increased sharply when fraudsters create fake websites with advantageous offers, send fake documents (order numbers, contracts), and after the goods are paid for, they stop communicating. Fake payment pages for delivery, where bank card data is stolen, are also common.

- But all this happened last year too...

— Yes, but in 2025, fraud via QR codes was added to them. Even scooter rental services suffered from this. Criminals create fake QR codes that, when scanned, redirect the user to fake sites that collect personal data or offer payment for non-existent services.

- Well, what kind of fraud is in fifth place?

— I would put all types of multi-channel attacks and social engineering here, that is, hybrid methods of influence. Fraudsters increasingly combine different schemes: phone calls are accompanied by messages in instant messengers and emails. Another popular story is the transfer of the victim from one "curator" to another. First, the alleged "boss" calls, then an "FSB officer", and then an employee of the "bank".

This creates the illusion of an official appeal and increases pressure on the victim. Particular attention is paid to social engineering - psychological techniques aimed at obtaining confidential information or money. Criminals use threats, urgent requests and other manipulation methods to force a person to act in their interests.

— Is the goal of all this still to steal personal data and payment information?

— Yes, fraudsters collect personal information, such as addresses, phone numbers, passport details, in order to use them in various fraudulent schemes. Fraudsters use phishing not only to steal money, but also to gain access to personal data, as well as to install malicious software on mobile devices.

In 2025, the number of phishing sites aimed at stealing accounts in instant messengers and social networks increased more than 2.5 times compared to the same period of the previous year.

Fraudsters' schemes are now more sophisticated and can follow different scenarios. The approach can be a phone call from a delivery courier, a message from a fake manager, a call from government agencies, and then the scenario plays out depending on the victim's behavior and circumstances.

Guardians in the "high offices"

— Do the authorities’ actions help in the fight against fraud?

— In 2025, the fight against cyber fraud became one of the priority areas of state policy in Russia. In February of this year, the government approved the "Concept of the state system for combating crimes committed using information and communication technologies", which includes a list of 30 different measures.

— Are they really capable of protecting Russians?

— The effectiveness of these initiatives is assessed ambiguously: on the one hand, real tools for combating criminals are emerging and some of the initiatives really work, on the other hand, fraudsters are constantly adapting to new conditions.

— How do you feel about the self-prohibition on taking out loans?

— This is one of the most effective measures of recent months. It is available to Russians through the State Services portal. This service allows citizens to voluntarily block the possibility of applying for a number of loans in their name in many banks and microfinance organizations. According to the National Bureau of Credit Histories, as of March 1, 2025, 10 million people have set such restrictions for themselves, and statistics indicate a decrease in attempts to apply for fraudulent loans. This measure is relevant for those who have already become victims of such loan fraud: for pensioners and people making impulsive purchases.

— The authorities are going further and are already considering the issue of a self-ban on the issuance of SIM cards.

— This measure is aimed against schemes using "drops" — front men who register phones and bank cards for money laundering. The "Gosuslugi" service already has a service for checking information about phone numbers registered to a person. Another issue is that such self-restrictions do not allow for the full use of convenient financial instruments.

Fight the droppers!

— Has tightening the laws against “drops” benefited society?

— Only in 2025, amendments were made to the Criminal Code of the Russian Federation, toughening the penalties for participation in cashing out proceeds of crime. Now, providing your data to apply for SIM cards, bank cards or e-wallets for criminal purposes will result in real prison terms. Also, “droppers” (this is the name given to members of criminal groups who recruit droppers, i.e. front men, and organize their work — MK) will be held liable.

Thanks to such tightening, the number of people willing to participate in dubious "side jobs" where they were offered to "surrender a passport for money, earn money quickly without investment or effort" has significantly decreased. This is how their duties were usually described in advertisements looking for "drops". However, vulnerable categories - people with addictions, teenagers and visitors - still become "drops" due to need and lack of understanding of the consequences.

— What do you think about the actions of the Bank of Russia to protect citizens from fraud?

— The regulator has been working in this area for a long time and effectively. Since 2024, the Bank of Russia, in cooperation with its protégés, has implemented anti-fraud mechanisms — automatic transaction analysis systems that identify suspicious transfers in real time.

The results of this tightening of bank transfer rules are as follows: now banks block or "freeze" transfers at the slightest sign of fraud, and users receive notifications and the opportunity to confirm the transaction or cancel it. This system also has its "excesses": sometimes there are false positives and inconveniences for honest users.

— What can be said about the ban on the use of foreign messengers for employees of government agencies, banks, telecom operators and digital platforms when communicating with clients?

— This adequate and useful measure, unfortunately, is not yet achievable with the current level of implementation of foreign technological solutions, but it is certainly necessary to strive for this.

Not all planned measures have been fully implemented yet: this concerns the bank freeze, restrictions on cash withdrawals from ATMs, the creation of a voice database of fraudsters and a number of other measures. It is clear that fraudsters adapt to any changes and constantly improve their methods of deception. The state, unfortunately, does not always keep up with such changes.

Fraudulent Geography

— From which countries do scammers most often operate today?

— According to our data, the main sources of such crimes are still concentrated in Ukraine, where numerous fraudulent call centers targeting Russians operate. According to banking data, about 95% of fraudulent calls to Russians are made from the territory of Ukraine, where there are about 800-900 call centers specializing in deceiving our compatriots. Some call centers in the interests of the Ukrainian SBU also operate from the territory of Russia.

— But the attacks are always directed at our citizens?

— Fraudsters from Ukraine have begun to expand their activities beyond Russia, targeting residents of Europe, including Poland, Germany, the Czech Republic, Israel, Latvia, Lithuania and Estonia. They use calls from fake numbers, instant messengers and even deepfake technologies to deceive ordinary people.

The effectiveness of these schemes is due to linguistic and cultural proximity, as well as the lack of cooperation between law enforcement agencies of Russia and Ukraine, taking into account the SVO.

— How can citizens protect themselves from fraudsters in 2025?

— Every year, fraudsters become more sophisticated, actively using virtual technologies, psychological techniques and vulnerabilities of digital services to steal people’s money.

You can talk about digital hygiene and financial literacy measures for the thousandth time, recommend treating all offers with caution and a critical approach, but in the end you will still become a victim of fraudsters, falling for their unexpected move and deception.

As for recommendations, I would reduce them to a phrase from Mikhail Bulgakov's novel "The Master and Margarita": "Never talk to strangers." This is especially true for older people. Yes, someone may find it funny to talk to scammers for a long time, knowing that they want to scam you, but in most cases it is better to simply protect yourself from communicating with them and not answer unknown calls and messages.

— It turns out that one of the psychological problems is people’s trust in government officials: in employees of various departments?

— Therefore, it is important to remember that government officials almost never call first, especially when calling via video link or messenger is out of the question. Most often, if government or law enforcement agencies need something from a person, they will write a letter or officially contact them via “Gosuslugi”.

The same applies to contacts with strangers: it is considered good form to write before calling a person, since the tactic of not picking up the phone from unfamiliar numbers seems quite justified in our time.

People have been deceived at all times, today only the tools of influence have changed. We live in a new digital world, to which not everyone can adapt, especially the older generation, while we still have trust in government agencies and, most importantly, in people. These two factors - trust and misunderstanding of new processes and technologies - are the basis for modern fraud.