
The share of phishing in the total number of incidents in Russia has decreased for the first time, to 69% against 85.7% a year earlier. In 2024, this type of online fraud was the most popular of all attack methods. Despite the decline, however, malicious activity continues to grow as the schemes become more sophisticated. In particular, attackers actively use vishing (a type of social engineering in which fraudsters use phone calls with artificial intelligence to extract confidential information) as well as malware. Izvestia looks at what other methods attackers are using.

Why scammers have shifted to other types of attacks

For the first time, the share of phishing attacks in the total number of incidents in Russia has decreased: for the first 10 months of 2025 it was 69%, against 85.7% for the same period a year earlier, Evgeny Pankov, a data analyst at the Coordination Center for .RU/.РФ domains, told Izvestia. Phishing is Internet fraud in which attackers, under the guise of an official request, try to obtain the victim's personal data: logins, passwords, bank card numbers, documents, confirmation codes. At the same time, the spread of malicious software and the number of attacks aimed at hacking accounts in Telegram and WhatsApp (owned by Meta, a company recognized as extremist in Russia) have noticeably increased, he noted.

"In the first 10 months of 2025, 7.3 thousand domains related to the spread of malware were blocked in the .RU and .РФ zones. This is twice as many as in the same period of 2024 (3.5 thousand)," he said.

Also, according to him, more than 5.8 thousand domains related to attempts to hack Telegram accounts were shut down, which is 2.5 times more than in 2024.

Despite the fact that this year the attackers have focused on schemes related to the spread of malware and the theft of Telegram accounts, phishing remains a key element in them, which significantly increases the effectiveness of these attacks, the expert noted.

"Phishing links are often used to install malicious applications or download infected files. And accounts in messengers are hacked after the user enters personal data and confirmation codes on fake websites disguised as voting, winnings and gift pages," explained Evgeny Pankov.

Companies, information security vendors and the government have been improving prevention measures related to phishing attacks for many years, which gives visible results, so attackers are looking for new methods, said Denis Kuvshinov, head of the Threat Intelligence department at the Positive Technologies security expert center.

If we talk about hacking organizations through third-party companies, then phishing is no longer a key link: attackers need correct access intelligence and well-chosen tools, the expert added.

MWS AI believes that AI has played a key role in reducing the number of such attacks: neural networks detect phishing sites on the Internet in real time.

"AI successfully recognizes audio clips with an accuracy above 98% and is already actively used, including in MTS, to protect users from spam and scams," the company's press service said.

According to their data, now more than half of the users of such services end the conversation immediately after receiving such a warning.

Izvestia reference

In 2025, measures were taken to protect citizens from fraudsters. Employees of government agencies, banks and telecom operators were banned from using foreign messengers for calls and messages to customers. Call labeling has also been introduced: the phone screen now indicates which organization is calling, such as a bank or delivery service, which helps distinguish useful calls from suspicious ones. In addition, codes from Gosuslugi no longer arrive during a call.

Which schemes are attackers prioritizing now?

According to Evgeny Pankov, vishing, in which intruders try to obtain confidential information through phone calls, has become the most common type of fraud. The expert notes that children often become victims of such attacks. According to estimates by cybersecurity experts, the damage from such actions in the first 10 months of 2025 amounted to about 850 million rubles. In addition, the Coordination Center for .RU/.РФ domains is recording an increase in the number of attacks using AI and deepfakes.

Social engineering is at the heart of most attacks today. Mass mailing of "classic" phishing is paying off less and less, so attackers are switching to more targeted methods, including vishing, explained Yuri Shabalin, Director of Artificial Intelligence Technology Development at Swordfish Security.

"The share of vishing and malware attacks will continue to grow. Phone and voice attacks are easily scaled: the attackers' call centers work almost like a business, with scenarios, plans and a motivation system for operators," he said.



According to him, the development of AI and voice substitution technologies significantly simplifies the imitation of real people: managers, bank employees or colleagues. Therefore, we are not talking about a reduction in phishing, but about its gradual evolution: from simple emails with links to multi-step schemes that simultaneously use different channels (phone calls, SMS, messengers, email, fake websites and even fake mobile applications).

Olga Altukhova, senior content analyst at Kaspersky Lab, confirmed the trend of changing tactics — fraudsters are increasingly using new tools, such as AI.

"Social engineering remains at the heart of their schemes: in order to lure users to fake pages or lure out confidential data, attackers frighten potential victims, rush them, or, conversely, offer extremely generous gifts or 'easy earnings'," she said.

To avoid falling for scammers' tricks, it is important for users to remain vigilant, regularly undergo basic cyber hygiene training and always enable multifactor authentication, Yuri Shabalin emphasized. According to him, even if an attacker manages to obtain a username and password, the presence of a second factor (a one-time code, a hardware token, or biometrics) significantly complicates the subsequent compromise of the account.

Translated by Yandex Translate
