From July through November 2023, fraudsters siphoned roughly 47 million rubles from Russians by distributing a counterfeit OnlyFans application. This finding is supported by FACCT research cited by Forbes.
In this fraudulent scheme, the operator uses a false persona to appear trustworthy. After connecting with a target on social networks or via Telegram chatbots, the scammer shares intimate images with the victim. The catch is that the remaining nude photos are supposedly accessible only through OnlyFans. Since OnlyFans is blocked or unavailable to Russian users, scammers push a fake Google Play installation that disguises the malicious app as the legitimate platform.
Once the victim downloads the counterfeit app, a nominal subscription fee of $1 is charged to unlock what appears to be discreet card data. Behind the scenes, spyware runs silently, grabbing SMS verification codes to authorize additional withdrawals. The operation is not limited to Russia; reports indicate similar activity spreading to several European countries.
FACCT identifies at least six fraudulent groups currently employing this tactic within the Russian Federation, illustrating a coordinated, multi-group threat rather than a single isolated incident.
Parliamentary voices have highlighted the ongoing risk of phone-based scams, underscoring the need for heightened awareness and stronger consumer protections across affected regions. The story demonstrates how criminals adapt social engineering techniques to exploit gaps in digital platforms and protective measures, turning trust into a pathway for financial loss. At a broader level, the scheme underscores the importance of verifying app sources, avoiding unsolicited links, and verifying any request for code or private information through independent channels. The consensus among researchers and law enforcement is clear: users should exercise skepticism with new apps that request personal data or payment details, especially when the app mimics well-known services. In the landscape of increasingly sophisticated online fraud, remaining vigilant and following best practices for mobile security can significantly reduce exposure to these schemes [FACCT report attribution].