Enemy's call: the most popular fraudulent schemes in WhatsApp are named
Information security experts have named the most popular types of fraud on WhatsApp (owned by Meta, a company whose activities are recognized as extremist and banned in the Russian Federation). Izvestia talked to the victims of the attackers and found out exactly what schemes they use. Among the most common are calls from alleged managers and employees of the Ministry of Internal Affairs, hacking profiles and using them for mass mailings, requests from "friends" to urgently transfer money, as well as phishing links under the guise of profitable offers from companies. According to the .RU/ Domain Coordination Center.In the Russian Federation, the number of fraud cases on WhatsApp in the first three months of 2025 increased sixfold compared to the same period in 2024. What is the reason and how to deal with such attacks is in the editorial's material.
How scammers deceive Russians on WhatsApp
Attackers have become more likely to deceive Russians through social networks. Information security experts call calls or messages on behalf of alleged employees of banks, government agencies, or company executives one of the most popular schemes on WhatsApp.
The scheme works like this: fraudsters contact the victim via WhatsApp with a request to "check the security of accounts so that they are not stolen" or "ask to confirm the data," Igor Bederov, director of the Internet Search company, told Izvestia. To do this, attackers often use victims' merged data to the Network, for example, in conversation they call their passport information to increase trust.
— If scammers contact the victim through messages, they most often contain phishing links to fake websites. They can also ask you to send the codes from the SMS," the expert explained.
In communications with victims, the scheme of a call or message from the alleged head of the company began to be used more and more often. He asks the employee to assist the FSB officer, who will call later and provide all the requested information. Next, the same "FSB officer" calls and begins to intimidate the person, even accusing him of some kind of fraudulent actions.
— I was told that my name was on the list of people on whom my company illegally issued money withdrawal abroad, the documents and the director general's order were provided, and the director himself asked to cooperate with the authorities and fulfill all their requirements. It got to the point where I was told to give my account and card numbers to verify the information and then transfer funds to other accounts. The intimidation went on for several hours. I came to my senses at the time," Mikhail from Moscow told Izvestia.
There are quite a lot of user complaints on the forums today. So, one of them said that he received a call from the allegedly Investigative Committee. The interlocutor suggested going to the bank, withdrawing money from the account, and, of course, transferring it to a safe one. It was also said not to interrupt communication and to be constantly on the line. When the user offered to come to his house with a warrant, the conversation was terminated.
In general, the number of fraud cases on WhatsApp in the first three months of 2025 increased sixfold compared to the same period in 2024, the <url>/.RF Domain Coordination Center told Izvestia.
This is due to the effect of a chain reaction — a kind of "digital gold rush," Evgeny Pankov, an analyst at the center, explained to Izvestia. Last year, WhatsApp was a bit in the shadows compared to Telegram, but now attacks through this messenger are gaining momentum, he noted.
— WhatsApp has a large number of users in Russia, including among the most vulnerable categories to fraud — children and representatives of the older generation. Phishing and social engineering remain the main tools of fraudsters. They easily adapt their scenarios to where people's attention is currently focused and where the chance of success is higher," the expert said.
Schemes involving account theft and requests for help
Another popular scheme used by criminals is account theft and sending messages on behalf of friends asking for help, for example, to borrow money from some critical situation.
According to Evgeny Pankov, fraudsters massively send links to phishing pages to users, and when they access them, the user loses access to their profile. Through such fake pages, attackers gain full access to a person's messenger account.
In this case, the scenarios may differ, but the goal is always the same — to capture an account for further use in fraudulent schemes. Most often, messages are sent from a hacked account to a contact list asking them to lend money. Often, trusting a "friend," people transfer funds to fraudsters' accounts, the analyst noted.
Also, in the same scheme, the attackers use other techniques — they inform relatives and friends about an emergency situation, for example, about an accident that happened to their son, daughter, mother, and so on. Hiding behind this, they ask for an urgent transfer of money. For persuasiveness, audio messages with a fake victim's voice created through neural networks are added, Igor Bederov recalled.
— I was asked to borrow 50 thousand rubles for a couple of days, a relative of a friend allegedly had a serious accident and urgently needed money. I wrote to a friend in another messenger to clarify if he had sent me such a message, he said no, Ekaterina from Moscow told Izvestia.
Phishing mailings with "profitable" promotions
Another scheme used by criminals is phishing links, when attackers send them under the guise of profitable offers, Igor Bederov said. For example, the messages send links to "investment projects", "lotteries", "discounts" or "bonuses from banks".
When clicking through, the user is redirected to fake sites where card data is collected in order to steal funds, he added.
The current scheme on the eve of the holiday season is supposedly favorable discount offers from hotels.
— I was offered the Zhemchuzhina hotel in Sochi for June at a 30% discount — I watched it on the Internet and contacted the alleged employees via WhatsApp. They offered to fix the action and transfer 50 thousand rubles," Maria from St. Petersburg told Izvestia. — I transferred the money, but when I arrived at the hotel, I was horrified to find out that there was no reservation from me. I had to urgently look for another hotel, I did not return the money, even writing a statement to the police.
How to protect yourself from scammers
The press service of Roskomnadzor confirmed to Izvestia that fraudsters have increasingly begun to commit their criminal acts through foreign messengers that do not verify user information.
—WhatsApp LLC is systematically brought to administrative responsibility for failure to delete prohibited information and for failure to fulfill the duty of the organizer of information dissemination," the department added.
Messengers themselves are just a method of communication. Attackers use this vector, as a large number of people use such services, explained Tatiana Shcherbakova, a content analyst at Kaspersky Lab.
It is important for users to follow key security rules: set up two-factor authentication or access keys to protect their account, be critical of extremely generous offers from companies and promises of easy earnings, as well as questionable requests, the expert explained.
Also, you should not follow links from questionable messages, it is important to use a reliable security solution on all your devices that will prevent an attempt to go to a phishing or scam page, she added.
WhatsApp, despite its wide popularity among Russians, remains the last massively used service from Meta, a company recognized as extremist in Russia, said State Duma deputy Anton Nemkin. At the same time, the messenger itself continues to ignore the requirements of Russian legislation regarding data localization, cooperation with law enforcement agencies and transparency in the fight against cyber threats, he added. This is what creates a zone of digital vulnerability where fraudsters feel as comfortable as possible, the parliamentarian concluded.
Переведено сервисом «Яндекс Переводчик»
