
Fraudsters have begun using a new scheme that requires significant preparation and accurate data on the employment history of a potential victim, usually a pensioner. As one of the victims told Izvestia, she was added to a chat where her former colleagues were allegedly already present, and was asked to confirm her personal data "to update the personnel archive." Moreover, the names and photos of the participants matched the data of real people with whom the pensioner had worked many years ago. Read the Izvestia article to learn how the new fraudulent scheme works and how to protect yourself from it.

How fraudsters use HR Department data

Pensioner Elena Ivanova (name changed at the request of the victim) told Izvestia that in September 2025 she was added to a Telegram chat where her former colleagues were allegedly already present. The names and photos of the participants matched the data of real people with whom the woman once worked at a Moscow private school.

"There was a list of five people who used to work at this school," she said. "Each had a surname, first name, patronymic and date of birth. They wrote that the school was digitizing employee data and needed to confirm personal information."

Moreover, the alleged headmaster of the school joined in the request; his photo was on the avatar, the pensioner added.

"Digitization concerns all members. An instruction was received to remove former participants from the database and create an up-to-date registry. I ask everyone to confirm the details during the day to avoid problems," the scammers wrote in a shared chat.

One by one, the "former colleagues" in the chat began to reply that their data was correct, and Elena also sent her confirmation. After that, the pensioner was asked to follow a link to a bot and send back the four-digit code that the bot would issue. As soon as the woman handed over all the data, insults and obscenities rained down on her: the scammers threatened to "take out a bunch of loans on her and leave her to live on the street."

"And then an employee of Gosuslugi allegedly calls me and says that my personal account has been hacked, although I am not even registered there. She said she would connect me by phone with Roskomnadzor, the personal data protection department. They informed me that a power of attorney for loans had been issued on my behalf," the pensioner said.

The power of attorney, which contains the pensioner's passport data, SNILS and INN, turned out to be issued to Russian actor Kirill Kanakhin, who is listed as a terrorist and extremist.

"The trustee is allowed to manage the treasury account — to perform all operations on this account, in particular, to make bank transfers, receive funds with interest and sell real estate," the document says (Izvestia has it).

According to Elena Ivanova, what saved her was that she immediately told her niece about the incident. With the relative's help, the pensioner filed a ban on loans at the MFC the same day and blocked her bank card.

"We immediately began to act. After that, there were no more calls or messages. They wrote a statement to the police; a woman who was deceived by fraudsters for 2 million rubles addressed them in front of me," the pensioner shared.

How employees of companies are deceived

Scammers often use similar schemes to deceive potential victims. In the fall of 2025, employees of a large company in Moscow were attacked via Telegram in an attempt to gain access to their Gosuslugi ("Public Services") accounts.

Cybercriminals created a chat in the name of the company's head and its technical department, and then added several employees to it.

"Current and former senior employees were first asked to go to a special bot and provide the key in order to 'digitalize their work experience.' Then they are asked for a text message code allegedly from Gosuslugi. Fake employees start sending 'keys' to the chat, provoking others to follow their example," the company's information security department warned.

The main purpose of fraudulent attacks is to obtain information that can be used to get money, said Maxim Kolesnikov, a leading information security expert at Aitiangel.

"If scammers know the full name of one employee, they can write a letter on his behalf that will not arouse anyone's suspicions. For example, with a request to send a list of smoking employees with positions and phone numbers. The answer will reveal the picture of who is working with whom. And then it's easy to find these people on social networks and use their other data and photos," the specialist explained.

Criminals can also send letters to company employees, allegedly from the human resources department, asking them to "send their passport details for the award."

"It's even worse when an accountant gets a malicious file on his work computer, through phishing or other social engineering measures. Unfortunately, in small organizations, even an antivirus tool is not always present among the technical protection measures, not to mention more advanced products," said Maxim Kolesnikov.

How to protect yourself

Cyber attacks have become more personalized, confirmed Phishman CEO Alexey Gorelkin. This has become possible because massive leaks of databases from banks and other services, including government ones, occur regularly.

Regular leaks include "penetration," in which greedy employees of mobile operators sell information about subscribers, as well as leaks of databases of government organizations and medical institutions.

"The reason is often the same: data is being leaked by individual employees for the purpose of enrichment. The attackers now have a lot of data, not only about residents of Russia, but all over the world, so the problem is global. Artificial intelligence allows criminals to work with such data arrays: it allows them to classify data very quickly and link them together," the expert explained.

Large leaks from ordinary companies, according to Alexey Gorelkin, may be the fault of insiders. If a company has more than 500 employees, then the attackers already have information about all of them.

"This happens most often because of low cyberculture: employees use their unsecured home devices for work purposes, which entails serious risks. A person can come under an attack that is not related to the employer at all, but in the end puts the company at real risk," he noted.

Cybercriminals face up to ten years in prison under the article on fraud, says Alexander Kiselyov, a trial lawyer and managing partner of the PROV law firm. If they used the victims' personal data or hacked accounts, the term will be longer.

How criminally obtained information is used afterward depends on what was collected and on the victim's ability to pay, added trial lawyer Ilya Vasilchuk.

"In this case, the range of fraudulent schemes can be huge, from the old one, where the victim is convinced that she was involved in a criminal group at her old place of work while performing her work duties and, in order to avoid punishment, must help the 'Russian justice' catch the real scammers, to the banal forgery of documents using named copies and using these forgeries for making loans and selling real estate on behalf of the victim," he said.

According to Alexander Kiselyov, pensioners are an easy target because they do not check the sources of messages and "trust the past" — they tend to believe those who supposedly remember their work. In addition, scammers create the illusion of urgency by exerting psychological pressure.

The specialist advises verifying such "colleagues" by calling the real person at a number you already know.

"Do not share your data. Neither the bank nor government agencies require a CVV code or passwords over the phone. Enable two-factor authentication in messengers to prevent hackers from hacking your account. File a police report immediately after the incident. The sooner the account blocking starts, the higher the chance of getting the money back," he said.

Fraudsters have been collecting data about victims through social networks or database leaks for years, so access to profiles should be restricted and passwords changed regularly, Alexander Kiselyov noted.

Starting in 2024, Russia has increased penalties for phishing, and banks have been required to implement an "anti-fraud" system to block suspicious transactions. However, the problem remains acute: only 10% of victims manage to recover what was stolen, the expert noted.
