In Ukraine, scammers are becoming more and more cunning, disguising their attacks as official websites and accounts. To avoid scammers' traps, you need to at least check the sources of information and use two-factor authentication. But the problem is that scammers are constantly improving their methods. Internet fraud is taking on new forms and citizens are often not ready to respond quickly to potential threats.
In an interview with Ukrainian News, the head of the specialized unit of the Cyber Police, Alexander Ulyanenkov, explained how not to fall for the scammers' hook, what the most common fraud schemes are, how to protect yourself on Telegram, and how fraudulent schemes with "drops" and "crypto" work.
Tell me, what are the most common Internet fraud schemes?
With the development of online commerce technologies, the variety of fraudulent schemes is also growing. At the same time, criminals adapt to social needs and significant events. For example, during the war, Ukrainians join charity collections in support of Ukrainian soldiers, want to purchase military goods or receive social assistance. Criminals often use this. One of the most common schemes is non-delivery of goods. The buyer finds a profitable offer on the Internet, transfers a full or partial prepayment to the details specified by the seller, after which the latter ends the communication and does not fulfill its obligations. This often applies to military ammunition or essential goods.
Another classic scheme is calls on behalf of bank employees. Fraudsters pretend to be bank employees and scare people that their card has been blocked, someone is trying to charge them money, or new rules are in effect due to martial law. In this way, the attackers ask for confidential financial data necessary to appropriate savings, or even encourage victims to transfer money to supposedly “safe accounts.”
In addition, scammers often use phishing in their schemes. Criminals create copies of marketplaces, banks, delivery services, charities or other online services and use social engineering techniques to convince people to enter their payment details. In this way, the scammers gain access to other people's accounts and empty them.
Separately, it is worth highlighting the use of phishing links under the guise of the “e-Assistance” program or payments to Ukrainians from the UN, the Red Cross, and other international organizations. To be more convincing, scammers can create controlled channels or communities in popular messengers, lure subscribers, and fill them with relevant content that looks identical to real sources.
To increase the effectiveness of phishing attacks, criminals can also use hacked Ukrainian accounts. In addition, compromised accounts can send messages to victims' contacts asking them to urgently borrow money, for example, for the treatment of a child who suffered from the war. And, of course, there are classic schemes - “your relative is in trouble”, “you won a car”, “replace the SIM card”. All of them are aimed at catching a person by surprise, causing panic, excitement or other strong emotions and forcing them to quickly transfer money. Now scammers are becoming even more inventive, so the main rule is not to rush into decisions, to check information and not to give out your personal data to strangers.
So how do you protect your data, especially on Telegram, where accounts have recently been hacked and money extorted?
Data protection primarily depends on the user and their awareness of cybersecurity issues. First of all, it is worth setting up two-factor authentication - this will significantly complicate access to your account for attackers, even if they manage to find out your password.
It is important to use sufficiently complex (12 characters or more), unique, generated passwords with special characters, numbers and upper and lower case letters for each social network, to use password managers, and not to pass confidential information to third parties. Fraudsters can pose as friends, administrators or support staff, trying to lure out your data or money. It is also worth monitoring account activity and periodically checking active sessions.
Another important point is financial security. Since one of the scammers' schemes is related to the reissuance of SIM cards, it is worth prohibiting remote number recovery, going through the personalization procedure (binding passport data to your number), or switching to contract service from a mobile operator. In addition, you should not click on dubious links, as phishing sites can steal your data. You should also download applications only from official marketplaces to avoid encountering malware.
In general, no messenger can guarantee absolute security, so users should take the utmost responsibility when protecting their accounts, use two-factor authentication, and be careful about the security of their devices and not hand them over to third parties. In addition, when choosing a messenger, you should pay attention to several key aspects: type of encryption, privacy policy, level of vulnerability to attacks, etc.
If you doubt the reliability of the relevant mobile application, do not transmit important information via this communication channel. If you have been scammed or your account has been hacked, you should immediately contact the administration of the relevant resource to restore access, warn your friends about the compromised account, and contact the cyber police - this will not only help in your case, but will also help prevent similar attacks on other users.
And what is the largest amount that fraudsters have managed to extract in Ukraine at one time?
There have been cases when fraudsters managed to steal more than half a million hryvnias at once.
Do politicians and businessmen also fall victim to internet scams?
Yes. The cyber police, among other things, receive appeals from company representatives when fraudsters, imitating the activities of a particular business, not only misappropriate client funds, but also deal a blow to the reputation of organizations.
In general, the more public a person or company is, the more careful they need to be about their own cybersecurity. Also, criminals often use images of famous people or popular brands in various fraudulent schemes.
How often do Russian hacker attacks on our data occur?
Hacker attacks by the Russian Federation on Ukrainian web resources became a very frequent phenomenon even before the start of a full-scale war, and this seriously complicates the situation. Cyberattacks are a part of war where attackers try to attack critical infrastructure, steal important information, destroy data, or disrupt the functioning of online resources important to Ukrainians.
Attacks are happening all the time, and they take many forms: from DDoS attacks that aim to overload and disable servers, to targeted phishing campaigns that target a specific audience or person, and attempts to steal or destroy databases. There are especially many such attacks on government institutions, financial institutions, energy companies, etc.
For example, on the eve and in the first days of the full-scale war, hackers hacked some government websites, spreading propaganda or replacing important information. Such attacks were aimed not only at causing economic losses, but also at spreading panic among citizens. However, Ukrainian cybersecurity entities are actively working to protect against such attacks. Systems for detecting and blocking cyber threats are constantly being updated, and a number of operational measures have been taken to neutralize attackers and restore compromised systems. The situation is quite complex, but thanks to the constant efforts of Ukrainian cyber specialists, it is possible to limit the scale of damage and actively counter cyber threats.
How do fraudulent schemes from pre-trial detention centers work? Criminals who are incarcerated there use various methods to extort money, and they often succeed. How does it work?
Sometimes, individuals serving sentences in prisons are involved in committing Internet fraud. To solve such crimes, the Cyber Police Department has established cooperation with the State Penitentiary Service of Ukraine for Combating Criminal Offenses. Prompt exchange of information and joint participation in conducting investigative or detective actions have already significantly reduced the number of frauds under the guise of calls on behalf of bank employees. As an example, in November 2023, employees of the Department stopped the illegal activities of a criminal organization whose members are serving or have served their sentences in Vinnytsia Correctional Colony No. 86. Members of the criminal group made calls to the victims' mobile phones on behalf of security officers of a well-known banking institution. The trial is currently ongoing. Such investigations require some time to collect evidence and bring to justice not only ordinary perpetrators, but also the organizers of such frauds.
What are the most common cybercrime methods used by Russians to harm Ukraine or to recruit citizens? How to avoid falling into the trap?
The techniques, methods and tactics are quite diverse, the most common of which are phishing, infrastructure attacks, malware and recruitment through social networks. For example, they often send messages with fake links to steal personal data or hack an account. They also try to gain trust through social networks to lure important information or even recruit a person to cooperate. To avoid falling into the trap, first of all, you should be careful about whom you communicate with and what you reveal about yourself. You should not trust strangers, especially if they show excessive interest in your views or work. Always check the information you receive, avoid clicking on suspicious links and do not download files from unknown sources. Your devices should also be protected - update applications, use antivirus and avoid connecting to open Wi-Fi networks. Well, if you notice something suspicious, it's better to contact law enforcement than to risk your own safety.
What are the most common methods of cryptocurrency fraud? How are Bitcoins and other digital currencies stolen and has anyone managed to get the stolen money back?
Criminals are constantly trying to come up with new ways to lure cryptocurrency from owners. If we talk about the most common schemes, then among them we can distinguish several key categories. First, these are scam-ICOs - fake fundraising campaigns for supposedly promising crypto projects. People are offered to invest at an early stage in order to subsequently receive super profits, and then the organizers simply disappear with the money. Phishing attacks are very common, when scammers create fake crypto exchange websites or send emails with supposedly official requests to enter their data. As soon as the user enters their login and password, their account ends up in the hands of attackers.
Another popular method is pyramid schemes and Ponzi schemes. People are promised high profits, but in reality they receive money at the expense of new investors. As soon as the flow of investors slows down, the scheme collapses, and most participants are left without funds. Fake airdrops and sweepstakes are also common. People are offered “free crypto” in exchange for a small contribution, but, of course, it is impossible to get anything in return.
Another option is Pump & Dump, when a group of scammers or influencers artificially inflates the value of a little-known cryptocurrency, luring new investors. When the price rises, the organizers sell their assets, and everyone else is left with devalued tokens. Today, artificial intelligence is actively used, creating deepfakes with famous people who supposedly support crypto projects. The more realistic the fraudulent content looks, the more people fall into the trap.
As for returning stolen cryptocurrency, it is difficult, but sometimes possible. If the funds were transferred to a centralized exchange (CEX), you can try to block them by contacting the exchange’s support and providing evidence of fraud. Exchanges often cooperate with law enforcement and can help block funds until the investigation is complete. And, of course, victims should contact law enforcement – for example, in Ukraine, this is handled by the cyber police.
But the main rule is not to invest in suspicious projects and always check information before any financial actions.
How does the "money mule" scheme work and how many crimes have been registered since the beginning of the war? Did the National Bank's restrictions help and how did they affect the number of drops?
The “money mule” or drop scheme works according to a simple but effective model. For example, scammers recruit people through social networks, messengers, or ads for “easy work.” They then ask to open a new bank account or transfer data to an existing one. Funds obtained illegally, for example, from fraudulent schemes, phishing, drug trafficking, or cybercrime, are transferred through these accounts. After that, the drop either withdraws the money on its own and transfers it to “curators,” or transfers the funds further to other accounts, cryptocurrency wallets, or international financial services. Since the beginning of the full-scale invasion of the Russian Federation, the number of such crimes has increased significantly—according to cyberpolice, by about 40% compared to the pre-war period. Among the main factors that contributed to this are economic instability, job loss, migration of Ukrainians, and the active use of cryptocurrencies. Most often, money mules were used in schemes of fake charity collections "at the Armed Forces of Ukraine", in fake online stores, crypto fraud, and transfers through international money laundering services.
As for the measures taken by the National Bank, since the beginning of the war it has introduced stricter financial monitoring rules: control of large transfers, mandatory verification of customers via BankID, restrictions on international payments without confirmation of the origin of funds. This has significantly reduced the use of bank accounts for illegal transactions, but fraudsters have quickly adapted. They have begun to more actively use cryptocurrency services, P2P exchangers, and even issue cards for foreigners or stateless persons.
The main problem remains that many people do not fully realize the seriousness of the consequences of their actions. Droppers often believe that they are simply “helping” with the transfer of money, but in fact they can be considered accomplices in financial crimes. That is why work is currently underway not only on technical blocking of schemes, but also on legislative initiatives to strengthen responsibility for such actions. In particular, a draft law on criminalizing the specified category of persons has been developed together with financial institutions and the National Bank.
