Fraud unveiled at local microfinance enterprise in Khabarovsk: Loan transactions deemed dishonest
Sneaky Swindlers Steal Money from Three Russians in Three Days, Leaving Them Out of Over 1.3 Million Rubles
A little over a million rubles disappeared from three Russian wallets, and it's all due to a common trick: the "information leak" scheme. The three victims, aged 21 to 41, lost their hard-earned money through a deceptive transfer of funds to "safe accounts".
Two of the victims fell for a phone scam where fake mobile operators tricked them into thinking they needed to renew their service contracts. The third victim was duped by a fake representative from a doorphone services company, who convinced her to upgrade her services.
In all three scams, the victims were lured into handing over the codes from their SMS messages, giving the crooks access to their personal data on the Russian government's Gosuslugi portal. Soon after, they received threatening calls from supposed government employees and bank security officers, warning them of losing their money and offering to "rescue" it on "safe accounts".
The toll from these remote fraudsters totaled around 1.3 million rubles.
Now, a closer look
These days, it's not uncommon for cybercrooks to exploit leaked or stolen personal and financial information for nefarious purposes. One popular method is the use of malware like the infamous SuperCard malware, indiscriminately detected in Russia. This destructive software disguises itself as legitimate NFC-related apps, only to trick unsuspecting victims into installing it through social engineering[1]. Once installed on Android devices, SuperCard steals NFC payment card data (Visa, Mastercard, American Express, and more) and transfers it to attackers[1]. Armed with this data, the criminals can carry out unauthorized transactions at ATMs or transfer funds directly from victims' bank accounts.
The scheme usually unfolds as follows:
- Attackers con citizens into downloading malware disguised as legitimate apps.
- The malware records NFC payment card data by relaying it between the victim’s card and attacker-controlled devices.
- Stolen card data is then exploited to withdraw cash illegally or transfer funds electronically.
- Should the direct ATM withdrawal fail, the attackers still have control over the victim’s bank accounts for additional transfers[1].
These attacks are an unfortunate result of vulnerabilities in NFC technology, combined with the human factor of downloading fake apps.
Russian residents aren't immune to data leaks either, with nearly half (46%) having experienced some form of data breach[2]. This heightened risk of identity theft and financial fraud is a growing concern.
Avoid the trap
To dodge the "information leak" snare, consider the following tips:
- Refrain from downloading apps from unverified or suspicious sources, especially apps that demand access to NFC or payment card functions.
- Be wary of social engineering tricks aimed at persuading users to install malware.
- Secure sensitive financial accounts with strong, unique passwords and multi-factor authentication to minimize the impact of data leaks[3].
- Frequently examine bank statements and transaction alerts for unauthorized activities.
- Equip devices with security solutions to detect and block malicious apps and malware.
- Think about investing in cyber risk insurance as a safety net against losses from these types of frauds, as awareness and popularity are increasing in Russia[2].
In a nutshell, the "information leak" fraud scheme in Russia capitalizes on malware-based theft of payment card data via NFC technology, blended with social engineering. The key to safety revolves around user caution when dealing with app sources, strong account security, and vigilant fraud monitoring.
Citations:[1] Russia Detects First SuperCard Malware Attacks Skimming Bank Data via NFC (Recorded Future, 2025)[2] Study Shows Attitude of Russians towards Insurance against Cyber Risks (Izvestia, 2025)[3] Russians Warned About Dangerous Password Features (Izvestia, 2025)
- The recent case of Sneaky Swindlers stealing over 1.3 million rubles from three Russians demonstrates the importance of personal-finance security in the face of general-news events like cybercrime.
- To safeguard themselves against such incidents, it's crucial for people to remain vigilant when protecting their financial data and investing in measures like cyber risk insurance for added protection.
