The expert warned about a new type of fraud through fake push notifications

Fraudsters actively use fake push notifications that are visually indistinguishable from messages from banks, marketplaces, delivery services, and other popular services. Dmitry Morev, Director of Information Security at RuStore, told Izvestia about this on July 11.

According to him, the attackers exploit users' trust in mobile interfaces by disguising their actions under standard transaction confirmation procedures, and thus gain access to bank accounts, accounts and personal data.

One common scenario starts with a push notification that mimics an official message, such as a card being blocked, a suspicious account login, or a delivery problem. This is followed by a call from an alleged support employee who convinces the victim to send a confirmation code from an SMS or push message. After receiving the code, criminals gain access to a personal account and initiate a transfer of funds or hijack an account.

Morev noted that the Central Bank confirms that the interception of one-time codes through fake notifications has become the main method of fraudulent attacks. According to the expert, the real services of banks, government agencies and services never request confirmation codes over the phone or in chat rooms, and phrases like "transfer to a secure account" are a clear sign of deception.

"Fake work chats in messengers pose a particular danger. Scammers create groups in Telegram that look like official channels of organizations, such as educational institutions or medical institutions," Morev warned.

Installation for theft: how scammers spread dangerous apps among Russians

The attackers pose as bank employees and representatives of operators.

Under the pretext of "registering in the corporate system," users are directed to a phishing bot that requests a push code and then asks them to post it in a chat, where it is intercepted by intruders. For greater persuasiveness, fake participants and a fake administrator may be present in such chats. The Interior Ministry has already documented dozens of such cases and warned citizens against transmitting codes, even if the request allegedly comes from colleagues.

"Another popular scheme is fake notifications from delivery and taxi services. Users receive messages about a failure in the order, an error in the system, or the need to confirm the address. A push notification appears in the application with a code that is supposedly needed to complete the operation. If the victim transmits this code by phone or via a bot, the scammers gain access to her account and can make trips or orders at her expense, as well as use the account for further phishing," the specialist said.

According to the Ministry of Internal Affairs and Roskomnadzor, such attacks have become more frequent in 2025 due to the high visual reliability of fake interfaces and user trust in brands.

Scammers are particularly active in the field of practical jokes and promotions. For example, in May–June 2025, fake drawings of Labubu figures were distributed on Telegram, where participants were asked to leave a review and receive a gift. To "receive the prize," you had to specify a phone number and enter a code from a Telegram push notification, after which the account was intercepted. Similar schemes were previously used under the pretext of iPhone sweepstakes and promo codes for subscriptions, but this year they have gained new popularity due to popular trends.

Dmitry Morev notes that the main vulnerability is users' inattention to notification sources. The main signs of a fake push message are a panicked tone, the absence of a direct link to the app, the unexpected nature of the notification and its coincidence with a suspicious call. Owners of Android devices without antivirus software and those who download applications from unofficial sources without checking the requested permissions are the most vulnerable.

The expert recommends never transmitting codes from push notifications, not installing applications outside official stores, restricting software access to system notifications, and turning off the Internet at the slightest suspicion, changing passwords, and contacting the bank. It is also useful to use two-factor authentication via email instead of SMS or push and regularly check which applications have access to notifications in the device settings.

Earlier, on July 7, it was reported that scammers on Telegram began using the new "suggested posts" feature in order to send phishing links to owners of major channels, disguising them as interesting content. The main trick is to offer the administrator a generous fee so that he wants to explore the details via a link that leads to a phishing resource.