A sharp increase in the number of suspicious calls and messages is not an accident, but a clear marker that a phone has fallen into the professional databases of fraudulent call centers. As explained by the Department for Combating Illegal Use of ICT of the Ministry of Internal Affairs, this happens because the number was marked as "active" in the CRM systems of attackers. Such a mark appears if the subscriber previously answered calls, clicked on links, or engaged in correspondence with unknown persons, after which their data is resold between different criminal groups.
After falling into these databases, the victim is hit by a cascade of attacks. Fraudsters test dozens of different scenarios simultaneously, trying to determine which legend will work. Messages about delivery, pension recalculations, medical examinations, and account hacking arrive almost daily, but completely different groups of attackers, who buy ready-made call lists, may be behind them. This is not a single attack, but a conveyor belt processing of the number by different criminal teams.
To break this chain, the Ministry of Internal Affairs recommends reviewing information available in the public domain and maximizing privacy settings in messengers. It is necessary to prohibit adding to groups and channels for all users except contacts, hide the phone number from strangers, restrict the ability to search for an account by number, and block the ability for unknown numbers to write first. This does not guarantee complete protection, but significantly reduces the likelihood that the number will be sold as "live" and suitable for further calling.