Pressure of the room: how scammers force victims to call them back

Three new phone fraud schemes appeared in September 2025, in which the potential victim calls the attackers herself, not them. This was reported to Izvestia by cybersecurity companies. For example, scammers send SMS notifications to potential victims about hacking into personal accounts on "Public Services" containing fake support service contacts. This is how criminals circumvent bans on instant messengers and anti-fraud systems of mobile operators. For more information about the schemes, see the Izvestia article.

How scammers operate

Several new phone fraud schemes appeared in September, cybersecurity companies told Izvestia. According to DLBI, a Russian darknet leak intelligence and monitoring service, these are at least three new scenarios in which the victim should call the scammers herself, not them.

The new combinations are based on SMS messages, for example, about hacking personal accounts at Gosuslugi, containing fake support service contacts.

"In addition, phishing emails have again been actively used to initiate contact, including fake notifications on behalf of Rosreestr and the Federal Tax Service about the need to clarify information or pay additional property tax on real estate, which also contains a fake contact center number," said Ashot Oganesyan, founder of the DLBI service. — These newsletters use detailed information about property owners obtained from data leaks.

Also, scammers who stop playing out the scenario, starting with a call to the victim, send password recovery requests on social networks, mail services and Telegram so that the victim receives notifications that give the impression of a massive hacking of her accounts. And then there is an SMS notification allegedly from the security services.

After the victim calls, they tell her about the hack, and then the standard algorithm is launched with a "transfer to a secure account." In this way, criminals circumvent the ban on instant messenger calls introduced in August 2025, as well as the anti-fraud systems of mobile operators. At the same time, calls are received to mobile numbers of Russian operators provided by the owners of so-called SIM boxes (a device that allows dozens of SIM cards to be aggregated in one case and remotely controlled via the Internet).

They got off the hook: scammers refused to create fake cultural leisure sites

What is the reason for this and what new ways of deception are being introduced by hackers?

As Ashot Oganesyan noted, the new schemes make it possible to fully automate the first contact with the victim, but at the same time create high reliability of hacking.

Konstantin Larin, head of the Bastion Cyber Intelligence Department, confirmed that such new schemes have been registered since the beginning of September 2025.

— SMS messages and instant messengers are often used to request a call back. Emails are a little less common," he said. — Most often, such messages are financial or technical notifications, for example, about a large debit or about successful authorization in your account. There is more trust due to the fact that a person is given an imaginary choice — to call or not. In this case, the victim is under psychological pressure in the form of urgency and seriousness of the situation.

The legends of the attackers in the mailings may vary slightly, Kaspersky Lab added. In some letters, fraudsters report that "uncharacteristic actions were performed on the account," for example, personal data (passport, SNILS, INN) was uploaded. In others, a person is notified of a suspicious login or of some kind of power of attorney that was allegedly linked to an account in the service. What unites these messages is that the user is asked to call the specified phone number to contact customer support to check the account's security.

What other schemes have been activated

In September, attempts to compromise online store accounts intensified again, when attackers introduce themselves as delivery services and ask for an SMS code, Konstantin Larin added.

Attackers also often use seasonality and adapt to events that involve a large number of people, BI.ZONE AntiFraud experts added. For example, in the autumn, during the period of tax payments for the third quarter, cases of fraud on behalf of the Federal Tax Service become more frequent. The victim is informed about the "recalculation of taxes" or "new charges" and is sent a link to a phishing site to "receive payments." The user is asked to enter the login and password from the personal account, bank details. As a result, fraudsters gain access to the victim's personal data and money.

With callback schemes, the victim often feels more trust in the interlocutor, who may introduce himself as an employee of a large organization. This gives criminals the opportunity to obtain confidential information or remotely install malware on the victim's device to steal usernames, passwords, and other valuable data.

This method is used in various deception scenarios: from stealing logins and passwords to installing malicious applications. They are then able to encrypt the victim's files or gain full control over her accounts. Attackers not only fake well-known services, but also target large companies in order to gain access to internal corporate systems through employees.

Yandex.Weather in the domain: fraudsters have begun to actively substitute payment details for companies

The number of such incidents has increased by a quarter in a year.

How not to fall for new tricks

Phishing and smishing (a type of phishing using SMS) will soon experience a rebirth, as a large number of fraudulent call centers have lost the ability to make massive outgoing calls, Ashot Oganesyan believes. Therefore, their schemes are processed so that the victims contact them themselves.

"At the same time, we see a simplification of fraudulent schemes," he said. — It is enough to perform any action on a fake website, even just go to it, as criminals begin to claim that you have been hacked and urge you to contact the fake support service. To protect yourself, you need to contact the support of any service not by using the information provided in the letter or SMS, but by using the contacts that you found on its official website.

When a person receives a text message about the hacking of "Public Services", his reactions of fear and haste automatically turn on, said psychologist Olga Kushnareva.

— The rush here is related to the desire to prevent hacking as soon as possible and protect your data. At such moments, rational thinking takes a back seat and a person searches for the fastest solution," the expert said. — If the "support" number is immediately indicated in the message, it seems like a logical and safe step to call there. In fact, the psychological calculation of scammers is simple: they set the rules of the game, and a person in an emotional state accepts them.

This creates the illusion of control, as if the initiative belongs to the victim. But in reality, alertness decreases, and trust in the information received increases. Scammers play precisely on a combination of anxiety "my data is about to be stolen" and faith in government services. Therefore, even critical people in such a situation can fall for the trick.

To protect yourself, it is important to use strong passwords in accounts, not use the same one on different resources, and enable two-factor or multi-factor authentication wherever possible, experts say. In addition, digital hygiene should be observed: do not open suspicious SMS messages and do not click on questionable links.