Experts warned that some of the most dangerous fraud schemes today involve voice calls and messages that pretend to come from law enforcement agencies or central banks. In these ruses, scammers urge victims to transfer money to a secure account, exploiting the authority of trusted institutions. This assessment came from Stanislav Kuznetsov, deputy chairman of the board at Sberbank, during discussions at an international economic forum.
According to Kuznetsov, attackers increasingly target access to government portals and state services. They deploy a variety of pretexts tailored to the target’s age and circumstances. For seniors, a call might impersonate a health service or social agency, while younger individuals could be lured with promises about parcels or letters. The criminals often operate in two coordinated stages: first, one group gains entry to the victim’s personal account and lays the groundwork; then a second group handles loan-related processing to extract funds or further manipulate the account.
There is a real risk that data stolen from a hacked account can be repurposed for additional fraud schemes. Personal information becomes a tool for social engineering, enabling deeper invocations of trust and more sophisticated ruses. This cascading risk means security teams must think beyond a single breach and plan for multiple attack vectors.
To counter these threats, Sberbank has introduced a straightforward defense aimed at stopping unauthorized access. The practical step is to disable the authorization feature on financial portals through the State Services portal. By removing the option for automated access, potential scammers lose a critical foothold and their chances of success diminish significantly.
When it comes to deepfake technology, Kuznetsov noted that it serves primarily as an augmenting instrument in fraud scenarios that are already underway. A convincing video or audio clip can be used to persuade a relative or friend to reveal sensitive information or to authorize a fraudulent transaction. The core danger remains the social engineering channel, where human trust is the key vulnerability.
In related security efforts, the bank has supported a bug bounty program that invites independent researchers to examine the security of its application testing platform. Participants who identify vulnerabilities can receive rewards based on the severity of the issue, with substantial incentives available for critical flaws. This collaboration with external researchers strengthens overall defense by surfacing weaknesses that internal teams might overlook and helps protect customers across North America and beyond.
Beyond institutional actions, experts urge individuals to verify requests for transfers or access by contacting the supposed sender through independent channels rather than replying to the original message. If something feels off, pausing the action and confirming through a trusted phone line or official portal can prevent a costly mistake. Education and ongoing vigilance remain essential components of personal cybersecurity in today’s digital landscape, where fraudsters continue to adapt their techniques to exploit trust and routine habits.
Security teams also emphasize the danger of combining multiple layers of deception. A typical attack may start with a phone call, then an online message, and finally a request to modify security settings or disclose credentials. Each step reinforces the illusion of legitimacy, making it important for users to maintain strict boundaries around personal data, especially when requests originate from unfamiliar sources. By adopting a cautious mindset and using official channels for verification, people can significantly reduce their exposure to these threats.