Translation. Region: Russian Federal
Source: Central Bank of Russia
An important disclaimer is at the bottom of this article.
Fraudsters call people posing as employees of popular marketplaces or couriers. They announce the delivery of a pre-paid item and ask for confirmation of receipt. If the recipient tries to explain that they didn't buy anything, the scammers suggest that the order was likely placed as a gift by someone they know and that the recipient is correct. To make the message more convincing, the fake online platform representatives sometimes provide the recipient's personal information: last name, first name, and patronymic, as well as the delivery address, either their registered address, actual residence, or place of work.
Then, supposedly to confirm the delivery date and location of the order, the scammers ask for a code from an SMS message or push notification. The message, which arrives during the conversation, contains a one-time password from the bank. The scammers use this password to log into online banking and freely steal money from the account.
If you receive such a phone call, end the conversation. Never share codes from SMS messages or push notifications with anyone, no matter who the caller claims to be or what pretext they use to try to find out the contents of the incoming message. Genuine marketplace employees never request passport information, codes from SMS messages, or bank card details.
Please note: This information is raw content obtained directly from the source. It represents an accurate account of the source's assertions and does not necessarily reflect the position of MIL-OSI or its clients.