Toys are not for children: scammers began to cash in on the popularity of the Lab

In the wake of the rapid growth of interest in original toys, cyberbullies have become more active. Kaspersky Lab has discovered hundreds of fake websites and bots on Telegram that are deceiving users. Instead of toys, there is a loss of money and the risk of personal data leakage. According to experts, it's no coincidence that Labubes have come to the attention of scammers: they have caused a stir among parents, and they are also difficult to find in official stores.

How intruders use the toy Labuba

Since May 2025, Kaspersky Lab experts have found hundreds of fake websites in various languages, including Russian, where you can allegedly buy a toy Lab.

—The attackers lure potential victims to fake resources with generous discounts, catalogs with supposedly original figurines, the opportunity to purchase rare collections and exclusive series of characters," the company said.

Photo: IZVESTIA/Sergey Konkov

Experts showed examples of such sites to Izvestia. On one of them, on the main page, it says "The original Labuboos are already in Russia! Only authentic figurines, fast delivery, quality assurance." In fact, this is a hoax, and if a person enters their bank details on such pages or transfers money directly to the owner of the resource, they risk losing funds.

In addition to websites, fake Telegram bots have also appeared. They promise to win or sell to the Lab, but they require you to subscribe to dubious channels that advertise various scam projects.

Photo: IZVESTIA/Pavel Volkov

Analysts at the DigitalRisk Protection F6 department also discovered Telegram bots at the end of May, in which the popular toy acted as a bait for phishing, they were aimed at hijacking accounts.

— Under the pretext of receiving a gift in the form of a Lubub for a review, the bot offers to share its contact, and then enter the received Telegram code from a "unique user". This is actually an account access code. If a user enters it, they will lose access to their account," said Evgeny Egorov, a leading analyst at the company's digital risk protection department.

How to protect yourself from scammers

We are talking about classical social engineering — you don't need to be a professional hacker to do this, the press service of AppSec Solutions told Izvestia. Most often, hackers use phishing, they try to extort usernames, passwords, and bank card information from people.

— Usually the scheme is this: a fraudster creates a channel, gets a lot of fake subscribers there, buys ads or arranges for placement in other channels to make everything look plausible. Then he posts an ad, for example, about the sale of a rare toy, and gives a link to a fake website store. People switch over, enter their details, pay for the product, and lose money," they explained.

Photo: RIA Novosti/Sergey Bobylev

Sometimes a malicious link can be hidden in an application that is offered to be installed, the press service noted.

It's no coincidence that Labubu toys came to the attention of scammers: they caused a stir among parents, they are difficult to find in official stores. As soon as demand exceeds supply, scammers immediately launch their schemes — they create fake one-day websites, fake accounts on social networks and Telegram bots, offering "latest copies" or "special discounts," said Anna Vyatkina, an analyst at the research group of the information security analytics department at Positive Technologies.

— This tactic does not only work with children's products — scammers exploit the demand for other seasonal and fashionable goods in the same way. Their main trick is to play on the emotions of customers who want to be able to buy a trending item," the expert said.

In order not to become a victim of deception, she recommends following simple rules of digital hygiene: buy things only in trusted stores — large marketplaces, official websites or from authorized sellers.

Photo: IZVESTIA/Sergey Lantyukhov

— Before ordering, check the reviews not only on the site itself, but also on third-party platforms, and also see how long the domain has been registered. If the price seems suspiciously low, it's most likely a trap. Pay for orders using secure methods, or better yet, upon receipt," the expert explained.

The AppSec Solutions press service suggests that you do not access websites from unverified emails and messages, even if you receive a personal discount offer. It is best to visit the site directly — it also helps not to buy a fake by comparing the assortment of the real store with the "burning" offer.

In addition, users must enable two-factor authentication on social networks and messengers, even if the login is stolen, access to the account will remain blocked without the second factor, the experts concluded.