A new fraud scheme involving bank cards has emerged in the capital. Reports indicate that on October 11 a courier was targeted by scammers during a delivery to a closed medical facility. Access was gained through a secured entry, accessed via a barrier. The incident illustrates how criminals are exploiting familiar workflows to create an illusion of legitimacy and manipulate trusted routines.
The person who placed the order instructed the courier on how to obtain an access pass. The guidance was simple: wait for a text message containing a numeric code, then relay that code to the requester over the phone. This social engineering tactic relies on impersonation and the assumption that the caller is legitimate, leveraging the courier’s reluctance to question official instructions during a time-sensitive delivery.
Following the given instructions, the courier proceeded to the facility with the coded information in hand. Upon arrival, the expected pass was not issued, and the courier quickly realized something was wrong. Soon after, a total of 35 thousand rubles was depleted from the courier’s card through three separate transactions that occurred around the same time the code was conveyed by phone. The episode highlights how cyber and physical fraud can intersect, producing tangible financial loss at the point of service delivery.
At present, investigators have not pinpointed the exact origin of the SMS and the precise mechanics of the fraudulent scheme remain under review. A criminal case has been opened for fraud, and authorities are urging people who travel frequently within the city to remain vigilant. Security experts note that what happened here could recur anywhere that delivery routines blur the line between trusted contact and suspicious requests, especially when mobile verification methods are involved.
Across urban environments, this incident underscores the importance of verifiable procedures and cautious communication. Companies and workers who handle cashless transactions should reinforce identity checks, require independent confirmation for access passes, and avoid transmitting sensitive codes over unsecured channels. In the face of evolving techniques, adopting layered security measures and clear escalation paths can reduce the risk of impersonation and unauthorized access during routine operations. The case serves as a reminder that routine tasks—like accepting an order and provisioning entry—can become opportunities for fraud if proper safeguards are not in place. Maintaining a culture of skepticism, rapid reporting, and ongoing training remains essential for staying ahead of such schemes and protecting both employees and clients from financial harm.