In October 2023, phishing activity within the RuNet surged dramatically, with the number of fraudulent sites increasing threefold year over year. This trend was highlighted by Evgeniy Pankov, an information security expert and project manager for the Coordination Center for the .ru and .рф domain names, during an interview with socialbites.ca. The spike underlines how attackers adapt to seasonal consumer behavior and capitalise on peak online shopping periods.
During October, the Coordination Center processed 8,219 applications from authorized organizations to block potentially dangerous domains. The list included major technology and security players such as Kaspersky Lab, Rostelecom Solar, and FACCT, among others. Pankov noted that this figure represented a record month in the entire history tracked by the Coordination Center, signaling the scale of the challenge faced by Russian cyberspace security teams.
According to Pankov, the request volume in October 2023 was 3.6 times greater than in October of the previous year when 2,240 requests were recorded. More remarkably, the number of blocking actions in October 2023 exceeded the total number of such actions in 2019, which stood at 7,456. The control results for that month showed that more than 8,000 malicious domains operating in the .ru and .рф zones were isolated or blocked, reflecting a 3.7-fold increase compared with the prior year. This rapid escalation underscores the persistent vulnerability of online retail channels during peak shopping seasons and the relentless efforts of security teams to shut down harmful operations in real time.
The data also reveal that approximately 90% of the requests to the Coordination Center were specifically tied to phishing resources. In total, October saw a 229% rise in the number of fraudulent sites on RuNet compared with the same month in 2022. Analysts attribute much of this uplift to Black Friday campaigns and other major pre-New Year sales events, which draw large volumes of traffic and create ripe conditions for scam operators to deploy counterfeit storefronts and deceptive download links. [Analyst briefing, Coordination Center summary]
Experts warn that retail seasonality is a fertile ground for cybercrime. Online shoppers in Russia and neighboring markets routinely rush to complete deals before deadlines, and scammers exploit this urgency by offering fake discounts, counterfeit apps, and cloning legitimate shopping platforms. The heightened activity around late autumn and early winter highlights the ongoing need for consumer vigilance, robust security tooling, and rapid incident response. Security teams emphasize the importance of verifying domain legitimacy, using trusted apps, and avoiding click-through on unsolicited promotions. These measures help reduce exposure to phishing pages and other fraud schemes that proliferate during peak shopping periods.
Alongside the phishing surge, discussions about dangerous WhatsApp clones and other clone-based scams continued to surface as a reminder that fraud operates across multiple channels. Users are advised to stay alert for spoofed messages, suspicious links, and requests for personal information, especially during holiday sales. Maintaining updated security software, enabling multi-factor authentication, and educating users about common phishing tactics remain critical components of defense. [Public security advisories and industry notes]