On the eve of Defender of the Fatherland Day, fraudsters have stepped up schemes that exploit holiday demand and the patriotic agenda. This was reported to RIA Novosti by experts from Secure-T (Solar Group) and the Moshelovka platform of the People's Front.
Experts identify three main vectors of attack. The first is fake online stores disguised as well-known brands: aggressive discounts on gadgets, perfumes and military paraphernalia end with the buyer not receiving the goods or receiving a fake. A variation of the same scheme is landing pages with "themed men's sets": tools, elite alcohol, gadgets. After prepayment, the site disappears.
The second vector is social engineering based on patriotic feelings. Messengers are spreading fundraising campaigns allegedly to support veterans, help military personnel or send gifts to units - with emotional appeals and photographs. At the same time, "gift certificates for 5000 rubles" are sent out on behalf of popular stores: when clicking on the link, the user is asked to enter card details "for verification" or install a malicious application.
The third is a scheme with false delivery. Fraudsters call or write on behalf of courier services, report a "due gift" and ask to pay a symbolic fee or confirm the address, extorting SMS codes and card details. Khariton Nikishkin, CEO of Secure-T, estimates the total damage from such schemes at tens of millions of rubles annually.
On the horizon is a new tool: according to Nikishkin's forecast, fraudsters will embed QR codes in advertising mailings and holiday cards. When you follow such a code or open a malicious image, software is downloaded to the device that steals banking data.
The key sign of fraud in all schemes is the same: any incoming request for an SMS code. Real couriers, shops and banks do not request such codes. An unfamiliar online store should be checked for details, domain history and reviews before buying - and the address should be entered manually, without clicking on links from mailings. Experts advise buying gift certificates exclusively on official websites.
