During the holiday season, a rising gift-card style scam aimed at purchases through March 8 continues to circulate. A cybersecurity expert from the Central Federal District of the Bank of Russia, Aleksey Potekhin, spoke with socialbites.ca about this issue and outlined two additional fraud schemes that have targeted Russians in recent years. These schemes rely on social engineering, psychological manipulation, and the pressure of seasonal shopping to lure victims into revealing sensitive information or making unintended payments. The discussion highlights how scammers adapt to festive spending spikes and the ways consumers can defend themselves when offers seem unusually generous or time-sensitive.
The first deceptive message often arrives as an SMS or a push notification from a familiar marketplace or a well-known retail chain. The lure centers on a supposed gift tied to March 8, with the recipient prompted to answer a handful of questions about products they plan to purchase. After answering, the victim may be asked to specify product details such as type, color, and other attributes via a smartphone input. A subsequent message then instructs the person to install a particular application and register. Some variants grant remote access to collect login credentials for personal accounts accessed on banking apps or government services, while others push the user to subscribe to paid advertising content. The recognized risk there includes potential access to passwords and session data, or simply the enticement to approve a subscription that expands monthly charges.
According to Potekhin, this “gift” scheme employs a blend of social engineering techniques aimed at highly active holiday shoppers. The crooks seem to focus on individuals who spend more during the holidays, calculating that such consumers are more likely to trust a sudden gift offer tied to spending surveys. He stresses the importance of skepticism toward unsolicited offers and cautions people not to click any suspicious links, even if the message appears to come from a familiar brand or friend. The message should be treated with caution; a prudent approach means not engaging with the link, not providing passwords, and avoiding any app installation from unverified sources.
The second scheme, often framed as an March 8 delivery bonus, targets recipients who have already received online gifts. The pattern is straightforward: after a delivery, the recipient receives a phone call from a supposed delivery service representative. The caller claims that a special holiday bouquet is being offered and only requires a small delivery fee, typically quoted as 400 to 500 rubles. Paying this fee leaves the victim without funds or the promised gifts, underscoring how fast money can vanish in a single phone interaction. Awareness of such post-delivery “offers” is essential, and consumers should verify any extra charges directly with the service provider using official contact channels.
A third tactic pushes a user via a messaging advertisement that invites them to purchase a same-day bouquet with delivery. The user is led to complete a form through a link, after which the flowers supposedly arrive at a specified time and address. The form often asks for card details, which are then phished, enabling unauthorized payments. The technique mirrors the same pattern of creating urgency, masquerading as a legitimate delivery notice, and steering victims toward data theft through trusted-looking interfaces.
Earlier reporting from socialbites.ca indicated that fraudsters were already preparing new approaches to siphon funds from Russians before March 8. There have also been prior attempts that used QR codes sent via messaging apps to compromise user devices, with attackers exploiting the familiarity and trust people place in everyday messaging tools. These evolving tactics emphasize the need for continuous awareness, verification of delivery offers, and strict scrutiny of any requests for sensitive information received through SMS, calls, or messaging platforms.