March codes: how scammers speculate on the topic of spring holidays

Fraudsters may use various schemes on the topic of spring holidays to deceive Russians, experts have warned. The spring period is traditionally one of the most attractive for intruders, as it coincides with the beginning of active vacation planning, vacations and trips. For more information about what spring vacation schemes to expect from scammers in 2026, what are the dangers of these tricks and how to protect yourself from them, read the Izvestia article.

What is the spring vacation theme interesting to scammers?

The spring period is traditionally one of the most attractive for scammers, as it coincides with the beginning of active vacation planning, vacations and trips, says Anna Golushko, senior analyst at the Positive Technologies research group, in an interview with Izvestia. At this time, according to the expert, the demand for travel services, early booking, trips to children's camps and sanatorium treatment is sharply increasing.

"Several psychological factors play into the hands of intruders during this period," the expert says. — Firstly, there is a lack of time: people plan the May holidays on a tight schedule and make decisions faster than usual. Secondly, there is a rational desire to save money — scammers are actively creating artificial excitement: "there are two places left", "burning tour", "action only today".

Photo: IZVESTIA/Eduard Kornienko

The attackers offer to urgently purchase last-minute tours, book the best hotels, sanatoriums or popular dates, and focus on time-limited promotions or a small number of places, explains Anna Golushko. A separate and especially vulnerable audience in the spring is parents of schoolchildren who are looking for options for children not only for the May holidays, but also for the summer season.

Vacation without a permit: how fraudsters cheat on obtaining visas

The attackers take advantage of the tourists' desire to receive documents quickly and reliably

What schemes on the topic of spring holidays to expect in 2026

In the spring of this year, the appearance of new "vacation" schemes cannot be ruled out, however, most likely, attackers will adapt classical techniques and scenarios to the current information agenda, the head of BI believes.ZONE Digital Risk Protection Dmitry Kiryushkin. According to preliminary forecasts, scammers will create websites that mimic the resources of tour operators, send phishing emails with burning offers, and post tempting promotions on messengers and social networks.

— BI.ZONE Mail Security specialists analyzed the mail traffic for March 2026 and found out that the total amount of spam in a number of tourist categories increased by 12% compared to February, — says the interlocutor of Izvestia. — The number of letters related to flights increased by 17.6% compared to February.

Photo: IZVESTIA/Sergey Konkov

According to Dmitry Kiryushkin, Turkey, Egypt and Altai were the most common mailing lists — collectively they showed an increase of more than 2.4 times. Against this background, an increase in the share of thematic spam increases the risks: in the general flow of emails, it is easier for the user to skip a fraudulent message disguised as a real offer. In turn, Konstantin Gorbunov, an expert on network threats and a web developer at the Security Code company, expects that this spring the traditional arsenal of scammers will continue to actively use AI to create realistic video reviews about hotels or recreation centers with huge discounts.

There is also a high probability that schemes with fake ads in social networks such as "burning tour", "vacated camp space", "sanatorium at a discounted price", "rent an apartment by the sea cheap and without commission" will increase. After the transfer of the advance payment, the ad is deleted, and the account is blocked or changed, the specialist says.

— Another expected trend is schemes with fake returns, — Konstantin Gorbunov notes. — For example, the buyer is informed that the tour has been canceled, the payment needs to be refunded, and for this they are asked to click on the link and enter the card details. Technically, it looks like a refund, but in fact it becomes a way to steal payment details.

What schemes on the topic of spring holidays have you encountered before

Meanwhile, scammers have tried to speculate on the topic of spring holidays before. In particular, as Maria Mikhailova, head of the Angara MTDR brand protection group, says in an interview with Izvestia, last year the attackers actively created posts and advertisements on social networks and messengers, as well as infiltrated travel chats where people shared information about the experience of staying in hotels, hiring guides and even currency exchange.

Photo: IZVESTIA/Sergey Konkov

— The scammers posed as experienced travelers who were looking for fellow travelers to share the cost of the trip and the services of local guides, — says the expert. — As a result, the victim could be asked to transfer money to an individual's card or click on a phishing link to the website "for registration" of the tour.

In addition, social engineering through communities has been actively used in recent years, for example, by distributing links to supposedly verified children's camps in parent chats, adds Anna Golushko. All these schemes are united by one key element — the need for a quick prepayment without the possibility of full verification.

Cash experience: fraudsters began to deceive Russians on vacation under the guise of exchangers

They find victims in special country chats.

According to Maxim Fedosenko, a leading analytical engineer at the Gazinformservice Cybersecurity Analytical Center, fraudulent schemes on the topic of spring holidays affect a wide range of the population — everyone who dreams of rest, comfort and benefits, including parents who choose camps for their children, is under the gun of scammers.

— The risks of such schemes are twofold, — says the expert. — Firstly, these are direct financial losses from the transfer of "deposits" and prepayments to intruders. Secondly— the compromise of personal data: if the victim enters a password from Gosuslug on a fake portal, fraudsters will be able to gain full access to her digital profile.

Photo: IZVESTIA/Anna Selina

In the hands of fraudsters, this information becomes a "springboard" for Account Takeover attacks (a type of cyberattack in which attackers gain unauthorized access to someone else's online account), Maxim Fedosenko notes. In this way, attackers can later intercept the management of the victim's banking applications, issue loans in her name, or make her an unwitting accomplice in other fraudulent schemes.

Oriental tales: how scammers speculate on the topic of "burning tours" due to the war in Iran

The attackers are taking advantage of the excitement and the rush of anxious tourists

How to protect yourself from Spring Vacation fraud schemes

The methods of scammers speculating on the topic of spring holidays change little and rely mainly on social engineering techniques, says Olga Altukhova, a cybersecurity expert at Kaspersky Lab. In such circumstances, it is especially important to be critical of overly profitable or, conversely, disturbing messages, as well as not to enter confidential data on questionable sites.

— In addition, it is worth using security solutions that will warn you about an attempt to switch to phishing or scam resources and install malicious software, - says the interlocutor of Izvestia. — For additional account protection, it is recommended to use complex, unique passwords and enable two-factor authentication.

It is important to always pay attention to the legal entity and the domain from which the letter or offer comes, adds Konstantin Larin, head of the Cyber intelligence Department at Bastion. You should not transfer payments to individuals — it is better to use official services. You should also avoid "too profitable" offers. A separate bank card with a spending limit will help protect funds from intruders. And besides, it is forbidden to tell outsiders the codes from SMS messages and follow suspicious links received from familiar and unfamiliar contacts.

Photo: IZVESTIA/Yulia Mayorova

In turn, Maria Mikhailova recommends that you carefully study the sources of information when renting a home: it is better to check whether such a hotel, holiday home or apartment complex exists. It is likely that the beautiful view from the luxury room is just a figment of a fraudster's imagination, realized using an image generator. And it is worth buying tickets for travel or an airplane only on the official websites of carriers. Discounted ticket offers to popular destinations during the peak holiday period may be a trick of intruders.

— To protect against spring vacation schemes, it is necessary to use protection technologies from telecom operators, as well as to remain vigilant in any situations related to the request for personal data or money, — MTS Defender experts conclude.