The head of the MGIMO department, Vitold Yasvin, became a victim of a scam carried out by attackers posing as Wikipedia administrators. This detail comes from the Telegram channel Baza.
The scientist, who holds two doctorates and has received the State Education Prize, believed the scammers had promised him the chance to edit a Wikipedia article after performing a few settings on his phone. Yet, after completing the required steps, Yasvin’s device was blocked and more than 100 thousand rubles disappeared from his bank account.
“The coat of arms of Ukraine appeared on the black screen of the smartphone, and when Yasvin checked the online bank, he learned that 115 thousand rubles had been withdrawn”, reported the editors of the Baza Telegram channel. The incident raised questions about how this scheme unfolded.
Scammers continually devise new methods to deceive people in Russia and beyond. Information security experts strongly advise never sharing authorization data over the phone and never following the instructions given by suspicious individuals.
After discovering the loss, Yasvin contacted the police to report the incident and seek help in recovering the funds and safeguarding other accounts.
Globally, hackers have exploited weaknesses in essential software used for computer forensics and other sensitive tasks, underscoring the need for robust security practices and rapid response to phishing attempts. Modern scams often blend social engineering with technical tricks, making vigilance and verification crucial for anyone who relies on online services.
In this case, the sequence of events began with a lure regarding administrative access to a widely used platform. The attacker targeted trust by presenting themselves as legitimate system managers. The victim was steered through a brief series of actions on a mobile device that seemed routine, but those steps opened pathways to financial loss. The episode illustrates how important it is to verify the identity of anyone requesting access or changes to accounts, especially when those requests come via phone or messaging apps.
Experts emphasize practical defenses that can prevent similar losses. These include never sharing passwords or one-time codes, using strong, unique passwords for each service, enabling two-factor authentication where possible, and keeping devices updated with security patches. Education about common scam motifs, such as impersonation of administrators, can arm individuals with quick reflexes to halt suspicious activity.
For organizations, the incident serves as a reminder to implement layered security controls and clear incident response protocols. Monitoring unusual withdrawal patterns, providing user education on fraud indicators, and offering secure channels for account verification help reduce vulnerability. When suspicious activity is detected, immediate action—locking accounts, isolating devices, and alerting authorities—can limit damage and preserve trust among users.
While this story centers on a single case, the broader message is universal: online environments require cautious behavior, rapid verification, and robust protection against phishing and social engineering. By staying informed and prepared, individuals can better navigate the evolving landscape of cyber threats and protect valuable assets from opportunistic attackers. (Source: Baza Telegram channel)