Experts warn that scammers have escalated a double-call tactic designed to breach Russians’ accounts in government services. This development has been noted by security professionals as becoming more common in recent weeks. The scheme relies on a carefully staged conversation that starts with a phone call and is followed by a formal notification sent by mail or email. The attacker aims to coax the victim into submitting a verification code or one-time password that will arrive via text message, leveraging the illusion of an official process to prompt quick action.
The process typically begins with a caller who pretends to be a staff member from a government agency. They promise to send an important notification to a mailbox or a specified email and insist that to complete an application or to finalize a service, the recipient must enter the verification code received by SMS. The message the attacker claims to deliver is framed as a legitimate step in a government procedure, which creates a sense of gravity and authority. The recipient is told to be ready to input the code as soon as the SMS arrives, with the implicit suggestion that any delay could jeopardize an benefit or service. This setup makes the interaction feel formal and routine, reducing initial skepticism and increasing the likelihood of compliance.
If the target becomes suspicious and ends the call, the scammer will typically recontact after a short interval, again claiming to be calling from a government agency. The second call is designed to confirm that the earlier conversation was real and that the target’s account has already been compromised. The attacker then asserts that the only way to protect the data is to provide the SMS verification code. The double-call approach relies on the victim’s memory of the first exchange to lower doubt and raise the probability of handing over the code.
Experts emphasize that the tactic preys on psychological pressure and the trust people place in public institutions. The pressure can be subtle or overt, and it often comes with a sense of inevitability—if a response is not immediate, consequences will follow. In this context, individuals who feel anxious about government procedures or who are exposed to persuasive language are more likely to surrender the code. The double-call method exploits a natural tendency to rely on authority figures, especially when the message uses formal wording, polite tone, and clear, step-by-step instructions.
During recent months, such calls have accounted for roughly a third of all related attacks, according to security trackers. The tactic tends to surge during tax seasons when people are worried about deadlines and penalties. Attackers exploit the heightened activity around property taxes and other obligations, knowing that fear and haste can undermine careful verification.
Citizens have a tight window to settle property taxes, with deadlines approaching in December. In this case, the payment deadline is set for December 2. The time pressure makes the scheme more dangerous because people are more likely to rush through steps without verifying the sender’s identity.
Officials warn that threats of tax non-payment are a classic tactic used to push targets toward sharing verification information. Anyone who receives an unsolicited call should pause, verify the sender through official channels, and never disclose a verification code. A calm, careful approach and adherence to official contact methods can help prevent account compromise and protect personal data.