- Статьи
- Internet and technology
- Pancake scam: cyber-fraudsters used Maslenitsa for the first time to cheat on Runet
Pancake scam: cyber-fraudsters used Maslenitsa for the first time to cheat on Runet
In 2025, cybercriminals for the first time used the plot of the "generous Carnival" with the distribution of prizes on the occasion of the holiday, information security experts told Izvestia. In fact, phishing activity is hidden behind fraudulent actions — the victim enters his data on a malicious site, dictates the SMS code to the site manager and loses all his savings. Experts note that scammers are increasingly turning to the themes of national holidays. Experts urge to remain vigilant when participating in such actions and communicating with representatives of "Internet contests".
What schemes are used by scammers
In 2025, cybercriminals first reached the Carnival holiday, a senior analyst at the Digital Risk Protection department of F6 (formerly F.A.C.C.T.) told Izvestia. Maria Sinitsyna. According to her, despite the fact that for scammers every popular holiday is an excuse to create new and improve the deception schemes used, Carnival is an atypical occasion. There are usually no sales, no promotions with gifts and discounts, and in general, the holiday does not have the color of an event related to finance in one way or another.
— Resources that are used for investment fraud have been discovered. They were created on behalf of a real company, and their design uses visual images associated with a traditional holiday. "In honor of Maslenitsa," as indicated on the websites, it is suggested to enter your first name, last name and phone number to "search the bonus lists." This is a standard scheme for an investment scam: as soon as the victim leaves his data on such a site, an attacker calls him, who introduces himself as a personal "manager", opens access to the "platform", persuades him to make a "deposit" to buy shares. The result of such investments is always the same — a complete loss of the deposited money," said Maria Sinitsyna.
To create "Carnival" fraudulent sites, a standard resource template for an investment board was used, which added elements related to Carnival to its design, the expert emphasized. Most likely, for the organizers of the scheme is a "trial balloon", which is used to test the effectiveness of using a traditional holiday, F6 suggested.
The Yandex Browser press service reported that in February, neural networks helped to discover pages with promises of access to an "investment platform" allegedly available on the eve of Carnival. When users try to visit such pages , they see a warning. In addition, some sites stopped working after they were marked as phishing.
— Every month, Yandex Browser warns about 500 thousand people against visiting fraudulent pages with promises of easy earnings. Their creators often adapt their content to seasonal events. This is how they convince visitors that the offer should be used as soon as possible. Neural networks are able to detect signs of phishing pages, regardless of their subject matter," the service's press service told Izvestia.
Cybercrimes during the holiday season
Russians traditionally believe that Maslenitsa teaches generosity and openness, so the more good a person does these days, the more successful their year will be, said Igor Bederov, head of the Information and Analytical Research department at T. Hunter. The authors of malicious mailings in messengers exploit the superstitions of users who are ready to send various "letters of happiness" in messengers, which may also hide links to malicious sites. It is not surprising that criminals began to use, among other things, the Carnival narrative.
— Criminals actively use any significant dates to strengthen the trust of victims. Among them are New Year's Eve and Christmas, March 8, Valentine's Day, Black Friday and Cyber Monday. To mislead, legends about fake gifts or payments, gift certificates and promotions, dating, receiving state or municipal services are used, he said.
As noted by Olga Svistunova, senior senior content analyst at Kaspersky Lab, attackers have become more likely to turn to the topics of national holidays, on the occasion of which fraudulent "sweepstakes" are held on the Runet. Well-known schemes are adapted to current or major events, holidays. Thus they "update" their legends and try to lull the vigilance of users. If we are talking about phishing or scamming, then they may be based on schemes related to supposedly easy earnings, generous promotions and discounts, requests to vote for a particular person and so on. At the same time, visually fake pages can be decorated in the style of certain holidays, and appropriate words can be added to them.
— It is very difficult to constantly monitor new methods of online fraud. Therefore, we recommend that you follow the basic rules of digital security: do not follow links from questionable correspondence in mail, social networks and messengers. Do not enter confidential data, including account verification code, on suspicious resources (for example, when you are asked to verify your account in a messenger to access a platform), — the expert advised.
She also recommended using security solutions that will automatically prevent attempts to switch to a phishing or scam resource.
Переведено сервисом «Яндекс Переводчик»
