- Статьи
- Internet and technology
- Love before fraud: scammers have developed a scheme with "Durov's valentines" by February 14
Love before fraud: scammers have developed a scheme with "Durov's valentines" by February 14
A new fraud scheme has appeared in the Russian segment of the Internet on the eve of Valentine's Day. Since the beginning of February, attackers have been distributing videos on TikTok and Telegram offering to receive a "secret valentine from Pavel Durov." When clicking on the link, the user gets into the Telegram bot, where he is offered to take a short survey with a choice of a "gift", agree to participate in the promotion and subscribe to several channels. One of them leads to a phishing site allegedly with a prize draw, where the victim is asked to enter his bank card details. Cybersecurity experts warn that last year, similar schemes timed to coincide with the holidays caused millions of rubles in damage to Russians. About how scammers have upgraded the "fake date scheme" and why it works again - in the Izvestia article.
How to cheat with fake gifts
A new fraudulent scheme dedicated to Valentine's Day is spreading online. Attackers publish videos on TikTok about an allegedly "secret valentine from Pavel Durov" promising a Telegram Premium subscription or "stars" as a gift to a partner. Links from the video lead to Telegram, where users are offered to "activate the valentine card": complete a survey and subscribe to more than 30 channels and bots presented as sponsors of the campaign.
One of the links redirects to a phishing site disguised as a prize draw from a well-known marketplace. After imitating the winning of equipment in the amount of about 200 thousand rubles, the victim is offered to "exchange it for money", enter the bank card details and pay a fictitious "fee" of about 2 thousand rubles. As a result, the user loses funds, and in some cases, access to his Telegram account.
As Igor Bederov, the founder of the Internet Search company, noted, users lose tens of millions of rubles annually from direct embezzlement in holiday schemes. At the same time, the cumulative damage is significantly higher and includes the compromise of digital identity, reputational risks and the development of criminal infrastructure, since such schemes work not only for quick income, but also for the long-term scaling of cybercrimes.
— Scammers have moved from "romantic" profiles to distributing bonuses and imitating technical support. This shifts the focus from emotions to greed and fear of losing access, expanding the audience. Gamification, automation of selection and work with specific clusters of victims are used," he added.
Additional risks include debiting funds and compromising bank data and Telegram accounts, as well as artificially increasing the audience of fraudulent resources, which are then used in other schemes, analysts at the Digital Risk Protection department of F6 noted.
According to Alexey Mironov, a leading specialist in the research and development department of Stakhanovets, even with an average "duty" check of about 2 thousand rubles, direct losses can reach tens of millions due to the mass and high marginality of such attacks.
— In Russia and the world, the damage caused by "romantic" scams is estimated at millions of dollars, although an accurate assessment is difficult due to the low turnover of victims. Nevertheless, by 2025, several large groups had stolen more than 300 million rubles in this way," recalled Sergey Polunin, head of the Gazinformservice IT infrastructure Solutions protection group.
According to him, fraudsters' technologies are constantly evolving: instead of text messages, videos on social networks are used, the attack cycle itself is becoming more complicated and prolonged, and cryptocurrency is increasingly being used to make it difficult to refund funds.
BI.ZONE notes that the scammers adapted their scheme on the eve of Valentine's Day.
— Probably, to open a valentine card, users will need to log in to the messenger page. In this way, attackers can hijack victims' accounts," explained the head of BI.ZONE Digital Risk Protection Dmitry Kiryushkin.
According to one of the fraud victims named Regina, she found a Telegram channel with promises of generous gifts through a regular search and, trusting him, decided to fill out a questionnaire. The bot started redirecting her to other sites with a request to confirm her subscription, and it was there that she was deceived in the amount of 14.3 thousand rubles.
Ways to protect against fraudsters
In 2026, "fake date" schemes have become more complex and cross-platform. Previously, scammers limited themselves to correspondence or phishing, but now they use short videos on social networks, Telegram bots and gamification elements - polls, "drums of luck", virtual gifts. The focus has shifted from instant theft of money to pre-gathering an audience: forced subscriptions, involvement in channels and bots, account compromise. Images of public figures and pseudo-official actions are increasingly being used to increase trust, said Kirill Levkin, MD Audit project manager.
— Last year, fraudsters stole almost 10 million rubles from users in Russia using a scheme with fake dates on holidays — February 14, 23 and March 8. Increasingly, such scenarios start with a video on TikTok and take the victim to other platforms," confirmed Anastasia Knyazeva, a second—line analyst at the CERT department of Digital Risk Protection at F6.
According to experts, the damage from schemes with "valentines" can reach 50-60 million rubles, but the secondary consequences are much more dangerous — stolen accounts and promoted Telegram groups. Attackers can use them for a long time for other fraudulent scenarios that are not related to a specific legend, says Sergey Trukhachev, head of the SBA service at ESA PRO.
— Not only users are at risk, but also companies and legitimate Telegram channels. They can be included in the lists of "sponsors" to increase confidence in the scheme, creating the illusion of the reality of the action, he added.
Alexey Gorelkin, head of cybersecurity at Phishman, believes that hackers actively use deceptions with gifts and Telegram stars, but these schemes are difficult to monetize into real rubles. Therefore, even a possible tenfold increase in such appeals is an example of how "conditionally one" case in 2025 turned into 10 this year.
Complaints about such situations are also received by the hotlines of public organizations. Mikhail Shurygin, chairman of the ROCIT commission on cloud technologies and information security, told Izvestia that any offers of "gifts", Premium subscriptions, "stars" or cash prizes outside the official channels of the platform are almost guaranteed to be fraud.
According to him, the key feature of such schemes is multi—stage: the user is sequentially transferred from TikTok to Telegram, then to the bot and to the site. Each stage reduces vigilance, and the final requirements to enter payment details or pay a "commission" no longer seem dangerous. At the same time, February 14 is only the beginning of the season: similar schemes are activated before February 23 and March 8, changing only the legend.
—In 2025, Kaspersky Lab's solutions blocked more than 2 million attempts by Russian users to follow phishing and scam links distributed only on Telegram," said Tatiana Kulikova, senior content analyst at the company.
BI.ZONE experts recommend to remain cautious and not to trust profitable offers from strangers, not to transmit SMS codes and other personal data, even if we are talking about "gifts" and promotions from famous people.
Переведено сервисом «Яндекс Переводчик»
