Present a set: scammers began to intimidate Russians by blocking the phone
A new fraudulent scheme has appeared in Russia "for the spite of the day," cybersecurity companies have warned. After the Ministry of Finance warned about the introduction of a daily blocking of SIM cards for visitors from abroad, the attackers began sending SMS messages about the alleged inclusion of a "cooling period" of phone numbers. In this case, the link in the message leads to a phishing page. What other schemes are used by scammers and how not to fall for their tricks — in the material of Izvestia.
How the new scheme works
Scammers have come up with a new fraudulent scheme to attack Russians, cybersecurity companies told Izvestia. Mobile phone users began to receive SMS messages about the inclusion of a cooling-off period for their phone numbers, allegedly in connection with traveling abroad, the Russian DLBI darknet leak intelligence and monitoring service explained.
"SMS messages coming from Russian mobile numbers contain a phishing link leading to a fake page where the user is required to log in allegedly through Gosuslugi," they said. — Regardless of the user's actions, after visiting a phishing site, fraudsters begin telephone processing of the victim according to the scheme "your personal account has been hacked".
On November 10, 2025, the Ministry of Digital Officially announced the introduction of a "cooling-off period" for SIM cards of subscribers who returned from international roaming or did not use the connection for more than 72 hours. During the day after the return, such cards operate in a limited mode — the subscriber cannot use the mobile Internet and send SMS. You can unlock access by clicking on the link from the message from the operator and entering a captcha (a test that helps distinguish a person from a computer bot, protecting sites from spam and attacks) on the page that opens, the agency instructed subscribers. An alternative option is to confirm your identity by calling the operator's contact center. The agency explained that the innovation is related to measures to protect against drone attacks. According to the Ministry of Digital Economy, SIM cards with mobile Internet can be used inside the UAV for navigation. The introduction of a temporary lockdown will increase security against such threats, the ministry noted.
Infosecurity (an integrator in the field of information security, part of Softline Group of Companies) also recorded cases of subscribers receiving SMS messages about the blocking of numbers allegedly in connection with their return from abroad. So far, they are not widespread, but the scheme corresponds to the general trend towards the complication of phishing attacks, said Konstantin Melnikov, head of the company's special services department.
While scammers are targeting residents of border regions, it is in them that the scheme is likely to work: the phones of residents of such territories may accidentally hijack base stations on the other side of the border. In particular, residents of the Kaliningrad region who are faced with the inclusion of a cooling-off period when traveling to Russia through Lithuania have begun receiving similar SMS messages. The scammers send letters to the subscriber base of the border region, they receive it on the darknet or on special forums, the experts added.
What else are scammers using?
The appearance of such a scheme was to be expected, as fraudsters actively use the Russian news agenda and quickly adapt existing deception schemes to it, said Ashot Oganesyan, founder and technical director of DLBI. According to him, residents of other border regions will probably receive similar SMS messages in the near future, and in the case of leaks from travel services, residents of central regions traveling around the country or abroad will also receive them.
"The only people who are protected from such text messages are those who have actually traveled abroad," he said. — During the first day, only sites from the "white list" will be available to them.
According to a similar principle, attackers are already using the story of "exceeding the limit on registered SIM cards," Konstantin Melnikov noted.
— After the introduction of restrictions on the number of SIM cards per person, fraudsters began to introduce themselves as employees of telecom operators and convince the person to "verify" the data. The goal is the same — to gain access to an account on Gosuslugi or withdraw money by combining phishing and phone scripts," Ashot Oganesyan said.
Also, on the eve of the last sales, there has traditionally been a massive appearance of fake online stores that are visually indistinguishable from the websites of well-known retailers, the CEO of Secure-T (Solar Group) recalled Khariton Nikishkin.
In addition, attacks on bonus programs of stores have become more frequent. Fraudsters use automated systems to match passwords to customer accounts in order to steal accumulated points and discounts.
— Separately, we can note the scheme with fictitious delivery notifications — now such messages are personalized using AI and look as plausible as possible, — said the expert.
How not to fall for the trick
In the case of social engineering, it is worth distinguishing between the fraudulent scheme itself and the entrance to it — that is, the reason or pretext under which the user is encouraged to follow a phishing link, provide their data, authentication information, said Elix Smirnov, a leading case analyst at InfoWatch Group.
"In this case, the information the attackers are using is quite recent," he said. — And the scheme itself has been known for a long time: the user is informed about the need to check and confirm something, for which you need to click on the link and enter the data, or inform them in a conversation.
Hackers regularly come up with new information reasons for fraud, using any significant dates, news, and so on, experts emphasized.
"It's worth making a habit of never clicking on links sent by unknown interlocutors, no matter who they are," reminded Elix Smirnov.
In general, the principle of zero trust should be adhered to, Konstantin Melnikov added. In other words, any unexpected messages and calls should be checked through independent sources. If in doubt, it is necessary to contact the operator, bank or agency.
Residents of border regions can be advised to disable automatic network search in their devices and fix their home network, Ashot Oganesyan emphasized. This will slightly worsen the quality of communication, as it will disable the possibility of inter-carrier roaming, but it will allow you to completely ignore such SMS messages from scammers.
Переведено сервисом «Яндекс Переводчик»
