Translation. Region: Russian Federation –
Source: Moscow Government – Moscow Government –
An important disclaimer is at the bottom of this article.
December is the month of massive online New Year's sales. Many stores, brands, and marketplaces offer big discounts or lucrative loyalty program promotions. The pre-holiday rush and the desire to buy goods and gifts for friends and family at a great price can lead to inattention. Fraudsters take advantage of this: they base their purchases on genuine sellers' offers and use tricks and manipulation to deceive buyers. Project experts Call me back yourself Department of Information Technology of the City of MoscowThey reminded us of cybersecurity rules and explained how to distinguish a good offer from a scam.
"Scammers often use the same techniques in their schemes: they play on emotions, exploit high demand and hype, and send links to phishing sites or fake promo codes. A little vigilance and adherence to simple digital security rules can help protect customers' payment and personal information. To make the shopping experience enjoyable and safe, we've prepared a guide for adults and children when shopping online," said Valentina Shilina, project manager.
These recommendations will be useful when shopping on any platform, as scammers use a variety of online channels to perpetrate their schemes: marketplaces, social media, email newsletters, and fake store websites.
Common scams
Whether it's stealing money, obtaining bank card details, personal data, or access to social media accounts or government services, criminals employ a variety of tricks.
Experts from the "Call Back Yourself" project have identified the most popular schemes:
— viral videos on social media. The videos offer to earn money by clicking a link and participating in promotions on major e-commerce platforms. The tasks can be varied: filling out a form, paying a fee to join a club, or purchasing products. As a result, the user loses access to their personal account on the government services portal or online store website, their money, and even their personal data, which can be used to hack other accounts;
— spam mailings disguised as promotions from well-known brands. They are sent via private messages on social media, instant messaging apps, or by email. The user clicks the link, provides personal and bank card information, and pays for the purchase. As a result, they are left without money and without the product;
— Fake posts about giveaways. Scammers create fake social media accounts and post about winnings, free gifts, opportunities to win valuable prizes, or earn large sums for simple actions. They use fake comments to create excitement. The link ultimately leads to fraudulent websites, where people enter their bank card details and pay for goods they will never receive;
— Order cancellation due to a "technical error." After a buyer places an order on a marketplace or online store, the seller cancels it. Then, they receive a message via private message or email stating that the cancellation was accidental due to a technical issue on the marketplace, but that they can still purchase the desired item at a deep discount via a direct link. In reality, the link leads to a phishing website belonging to a fraudulent seller. This scheme is most often used when ordering expensive items, such as household appliances or smartphones.
— order confirmation by phone. The operator calls and asks for the numbers from the SMS to confirm the order and add the buyer to the store's register, or the courier delivers the gift or order and asks for the code. This is how the scammers obtain a one-time password for the victim's bank account or government services portal.
Signs of fraudulent offers
During sales, scammers exploit emotions and psychological manipulation to lull victims into a false sense of security. For example, they create the illusion of scarcity—shoppers don't want to miss out on a deal and rush to make a purchase—or they exploit the element of surprise: shoppers are overjoyed at a great deal and forget to keep the SMS code confidential. To recognize scams, it's important to be vigilant while shopping online, resist the urge to give in to emotions, and follow simple guidelines.
First, you need to analyze the price. Sales are a period of significant discounts, but prices that are too low are a warning sign. Official stores don't operate at a loss; it's not profitable for them to sell popular and expensive items at reduced prices.
Secondly, you need to check the website. Visit only well-known and reliable sites, and carefully study information about new stores:
— Check the spelling of the website in the input line. Scammers create websites that are duplicates of popular sites with typos, such as extra characters or misspelled words;
— review the contents of the sections: how detailed and high-quality they are, whether there is contact information, whether there are any errors or empty categories;
— evaluate the assortment: stores selling unrelated categories of goods (for example, smartphones and socks) are suspicious;
— search for information about the site on the internet: reviews from other users, entries in the register of legal entities using the specified details.
Safe Payment Rules
A special bank card, which users deposit before placing an order, helps protect their payment details. They can set a daily spending limit on the card at the bank or in the app, protecting you from hacking—they simply won't be able to withdraw large sums.
In addition, the following rules will help you avoid falling for scammers' tricks:
— all ordering steps—choosing payment, delivery, and delivery time—must be completed exclusively on the store or marketplace website. Employees may call back to clarify details and arrange delivery terms;
— the order price is fixed after placement and cannot be changed;
— You should not transfer money to personal cards or e-wallets at the request of sellers in instant messengers, even if they offer a large discount for this;
— SMS codes should never be disclosed to third parties;
If the store doesn't offer payment upon receipt or in-store pickup, you should approach your purchase with extra caution.
Another important recommendation is to avoid installing apps from unknown sources or files sent via private messages. All verified apps are available for download from your smartphone's official app store. If an advertisement requires you to install additional software before purchasing, it's highly likely from a scammer. Downloading such software poses a high risk of losing control of your device and having your personal and banking information stolen.
Five rules of cybersecurity: Moscow Department of Information Technologies experts have compiled a guide to protecting against fraud.What to do if you've been scammed: step-by-step instructions from the "Call Back Yourself" project
You can learn more about the methods used by criminals and the tools to combat them from the recording of the webinar of the city online project “Call Back Yourself” about safe shopping on the Internet, as well as from records other seminars.
The project regularly hosts seminars for residents. Experts from relevant agencies and representatives of marketplaces, mobile operators, banks, and other relevant organizations explain how to avoid becoming a victim of fraud and scammers, protect personal data when shopping online, verify the reliability of an online store, recognize warning signs early, and master cybersecurity and digital hygiene skills.
Information online project Call me back yourself was created in 2022 by the Moscow Government in collaboration with the Main Directorate of the Ministry of Internal Affairs of Russia for the city of Moscow. The project's website provides information about upcoming in-person and online events, as well as informational tips and recommendations from experts, recordings of past webinars, and other useful materials. In 2023, "Call Me Back" won the "Best Social Project Website" category of the "Golden Site" competition. It also received the Runet Prize in the "Information Security" category. In 2025, the project received awards from the "Shield and Pen" international competition of the Ministry of Internal Affairs of Russia and the 4th All-Russian competition "Regional Information Security Cup."
The creation and support of information security tools, as well as countering cyber fraud, are in line with the objectives of the national project "Data Economy and Digital Transformation of the State" and the Moscow regional project "Digital Public Administration." More information about Russia's national projects and the capital's contribution can be found at special page.
Get the latest news quickly on official Moscow messaging channels. MAX And Telegram.
Please note: This information is raw content obtained directly from the source. It represents an accurate account of the source's assertions and does not necessarily reflect the position of MIL-OSI or its clients.