Russians were warned about a mail fraud scheme before the New Year

In November 2025, the number of emails with malicious attachments increased by 18% compared to October. An even bigger surge is traditionally predicted in December: according to statistics, there are 2.5 times more malicious emails in December than in other months. BI.ZONE Mail Security analysts warned about this in an interview with Izvestia on December 12.

Before the New Year, attackers often use seasonal scenarios: they offer delivery of corporate gifts, specify addresses, issue invoices and request confirmation of shipments. Emails are disguised as messages from large logistics companies and files are attached, such as receipts or invoices.

Bad Santa: scammers profit from the New Year holidays

Experts told about the most dangerous schemes of cybercriminals

In 2025, such a scheme is especially common. The attackers send an email offering to receive the documents with delivery. It contains a memo with a QR code that is supposedly valid for only three hours, which encourages the user to hurry up. The victim is also warned that scanning the code can be difficult "due to problems with the Internet." In fact, there is a non-working link in it, because mail filters can block an email with a malicious attachment. The user scans the code, cannot access the website, and contacts "support" from the memo.

This is exactly what the attackers are trying to achieve — to force the victim to leave a secure channel and switch to a messenger, where it is easier to transfer a working malicious link. Trying to pay the bill on it, the user loses not only his data, but also money.

"You should be careful about messages with attachments and links (including QR codes) if you are not sure about the sender. Do not follow links and do not correspond with "support" outside the official websites, as well as with contacts not listed there," warned Dmitry Tsarev, head of cloud cybersecurity Solutions, BI.ZONE.

He recommends sending any suspicious emails immediately to the cybersecurity team — this reduces the risk of compromise and helps to quickly identify new attack patterns. Also, before the New Year, it is worth reminding employees of the basic safety rules and increasing their vigilance, the specialist advised. Attackers often put pressure on emotions: urgency, fear of losing a gift or a lucrative offer.

On December 9, F6 reported that fraudsters began distributing malicious applications disguised as radar to track payment rates for couriers and taxi drivers. To attract victims, the attackers claim that their application allegedly has a number of advantages and features.

All important news is on the Izvestia channel in the MAX messenger.