Other people's rules: how scammers speculate on the topic of changes in legislation
Fraudsters can speculate on the topic of changes in legislation to deceive Russians, experts have warned about this. Attackers take advantage of a large volume of legislative changes, which can sometimes be difficult for even specialists to keep track of, invent new rules, and then use them to steal funds and personal data of victims. For details on how fraudsters speculate on the topic of changes in legislation, how dangerous their schemes are and how to protect themselves from them, read the Izvestia article.
Why is the topic of legislative changes interesting to fraudsters?
Changes in the legislative sphere occur on a regular basis, but they are monitored mainly by those who are interested in this by virtue of their official duties, says Alexandra Shmigirilova, GR director of the Security Code information security company, in an interview with Izvestia. At the same time, the number of changes is very large, since they are handled by many departments from different fields and industries — sometimes even it is difficult for specialists to understand this amount of information the first time.
— Therefore, fraudsters actively exploit the topic of legislation: innovations allow them to interpret real bills in a way that is beneficial to themselves or even spread false information about allegedly accepted norms, — says the specialist. — In both cases, there is a high probability that the user will open the document because he is used to updates in the legislative field.
New laws, amendments, requirements and deadlines are difficult to check quickly, and most citizens do not fully understand how they affect them, adds Alexander Vinokurov, technical account manager at R-Vision. This is what the attackers use, disguising their schemes as "official notices", "clarifications" or "mandatory actions".
What schemes on the topic of changes in legislation should we expect in 2026
In 2026, fraud schemes on the topic of changes in legislation will be improved, while attackers will focus on the topics under discussion, said Vitaly Fomin, head of the information security analyst group at the Digital Economy League. For example, fraudsters may focus on the digital ruble, threatening citizens with account blocking due to the new system.
— It is possible that criminals will persuade people to transfer money to a "secure" wallet that actually belongs to them, — says the expert.
Innovations in tax legislation are also capable of causing an increase in the number of schemes aimed at small and medium-sized businesses, the Izvestia interlocutor notes. Fraudsters can pose as employees of the tax service and demand to pay a "new" fee or fine. There is a possibility of schemes offering cashback for paying taxes using a QR code, preferential mortgages when providing confidential information about family members, and other deception options.
According to Vitaly Fomin, changes in legislation may also lead to the updating of document forms, which fraudsters will use to their advantage. AI technologies already make it possible to create convincing fake documents that are difficult to distinguish from real ones. This trend will continue in the future: artificial intelligence will not only be able to generate even more convincing fakes, but will also make it much easier for attackers to send and personalize them. In response to these schemes, some banks are now being asked to provide some of the documents in paper form to confirm authenticity.
— In 2026, we can expect the development of schemes related to digital services of the state and the financial sector: notifications of "new taxation rules", "mandatory data re—registration", "changes in social payments", "new requirements for bank accounts" or "switching to updated platforms", - notes Alexander Vinokurov. — Most often, such messages will be distributed through messengers, email, and fake websites that are visually indistinguishable from official resources.
Currently, cybersecurity experts are recording massive electronic spam mailings, the recipients of which are offered "assistance" in optimizing VAT, adds Kaspersky Lab spam analyst Anna Lazaricheva. Although the messages themselves do not contain phishing links, malicious files, or other email threats that are often found in spam messages, links from them are directed to resources with information about illegitimate activities and suspicious services.
What schemes on the topic of changes in legislation have you encountered before
Scammers have been trying to speculate on the topic of changes in legislation for several years. So, according to Vitaly Fomin, previously, a lot of excitement among fraudsters was caused by the self—lock on loans, which citizens can install from March 1, 2025 - fraud schemes related to this mechanism appeared.
"For example, the attackers introduced themselves by phone to bank employees, informed the citizen about the submitted loan application on his behalf and offered to immediately install a self—lock," the source tells Izvestia. — For this, it was allegedly necessary to fill out an application by reference. In reality, the site turned out to be fake and was created to collect confidential information.
In addition, as the expert notes, pensioners, who do not always understand the legislation in detail, often became the targets of fraudsters earlier. The attackers posed as employees of government agencies and informed the elderly about payments that they allegedly received as part of social support.
Then, citizens received messages with a link to the "website" of a well-known bank, where they had to enter information to log into the "State Services" and bank data, ostensibly to confirm their identity and receive payments. As a result, the scammers received confidential information and the opportunity to steal money, and the person who believed them remained without the promised payment.
"Such schemes are primarily aimed at vulnerable segments of the population who have little understanding of security and the legal framework," says Maxim Fedosenko, a leading engineer and analyst at the Gazinformservice cybersecurity analytical center. — In particular, people who are in difficult life situations (debts, unemployment, illnesses), those who deliberately try to deceive the law, as well as simply gullible and empathetic citizens are at risk.
The danger of schemes based on changes in legislation lies in the fact that citizens may lose not only finances and personal data, but also access to various accounts, emphasizes Maria Mikhailova, head of the Angara MTDR brand protection group. Attackers can also use the information they receive in other fraudulent schemes — for example, personal data and personal correspondence from messenger and social media accounts can be used to blackmail victims.
How to protect yourself from scam schemes on the topic of changes in legislation
In order to protect themselves from fraudulent schemes related to changes in legislation, experts interviewed by Izvestia advise following a number of safety rules. In particular, according to Alexandra Shmigirilova, the very first step is to find information on the official websites of departments about whether a particular law exists at all and whether any changes have been made to it.
— Such information must necessarily be published in government sources, while, as a rule, on official websites there is always either an explanatory note to it or a short summary of the changes, — says the expert.
In addition, if possible, it is advisable to read the text of the law itself (not all of it, but at least the part that relates to the benefits or payments mentioned). In general, it is important to check the information before telling something about yourself to a stranger, says Alexandra Shmigirilova.
Then, if the user is actually entitled to any payments or benefits, it is necessary to make a request to the official authorities - the main thing is not to use either phones or links in the allegedly received official letters. It is important to remember that Russians can receive most public services through official applications of government agencies, the Gosuslugi portal or the MFC.
— Recalculation of taxes, benefits or pensions does not require advance payment, "commissions" or "security transfers", and identity verification is never carried out by transferring codes or passwords to third parties, — concludes Anna Golushko, senior analyst at the Positive Technologies research group.
Переведено сервисом «Яндекс Переводчик»
