Translation. Region: Russian Federation –
Source: Moscow Government – Moscow Government –
An important disclaimer is at the bottom of this article.
What information about yourself should you avoid sharing, and what steps should you take to ensure your online safety? On International Data Protection Day, celebrated annually on January 28, project experts Call me back yourself We reminded you of simple rules of digital hygiene that will help protect you from cybercriminals.
"Seemingly harmless actions can lead to loss of access to website accounts, financial losses, and reputational risks if personal accounts on messengers and social media are hacked. Users often enter their personal information on dubious resources or publish personal data publicly. This allows attackers to use this information to hack accounts on various resources, employ social engineering to convince users to transfer money or perform certain actions. Furthermore, fraudsters can take out a loan or microloan using passport information, send messages with phishing links from hacked accounts, blackmail victims, and much more," said Valentina Shilina, head of the "Call Me Back" project at the Moscow branch of the Internet Security Service.
Department of Information Technology.
Personal data is information that identifies a person. In other words, it's information that directly or indirectly relates to a specific individual: full name, date and place of birth, address, passport details, diploma details, and other official documents, phone number, email address, and other contact information, photos, videos, voice recordings, fingerprints, account logins and passwords, PIN codes, website browsing history (cookies), and much more. This information, especially when combined, allows attackers to create a detailed profile of a person, so it should not be published publicly, shared with strangers, or transferred to third parties. For example, a leak of passport data or the transfer of access to bank accounts can lead to financial losses: loans, microloans, and savings are transferred to third-party accounts in the victim's name.
Information about a person's birthplace, education, or numerous publicly available photographs on social media may seem harmless. However, by collecting bits of data about a potential victim from open sources, attackers can build a profile of the individual, which can be useful in carrying out their fraudulent scheme. This makes it easier for them to establish trust, pretend to be an acquaintance or representative of an official organization, guess passwords to accounts, and use various psychological tricks to extort information or money based on the obtained information. Furthermore, when a social media or messaging account is hacked, publicly available photos, videos, and audio materials can be used to create a deepfake—a generated video or voice message sent to the victim's contacts, asking them to transfer money or perform certain actions on an unfamiliar website. As a result, the number of victims increases, and the user suffers not only financial losses but also reputational damage.
However, this doesn't mean you should delete all photos and personal posts from your social media pages. Security is built differently. To protect your personal data from leaks, you should follow a number of rules. For example, it's important to set unique and complex passwords wherever possible—long combinations of numbers, symbols, and uppercase and lowercase letters. Popular passwords, such as a phone number, date of birth, your first and last name, the word "password," or a sequential combination of numbers or letters, are unsuitable: they are too easy to crack. Passwords should be updated regularly in case of information leakage or hacking of the resource itself.
It's important to keep your devices' apps and operating systems up to date: developers create and strengthen internal security tools, implement technical updates to data encryption to protect their users, and anticipate new fraudulent schemes. Furthermore, it's important to set up two-factor authentication in apps, messaging apps, government accounts, social media, and other resources to reduce the risk of hacking.
If a user plans to change their phone number, they should first unlink it from all accounts: government and city service websites, banks, marketplaces, and messaging apps. This will reduce the risk of hacking and financial and reputational losses.
On social media and messaging apps, it's important to configure settings that control who can access your personal information and published content. Additionally, in messaging apps, it's a good idea to limit who can send messages to, for example, only those in your contact list. Settings include an option to disable automatic downloads of media, including photos, documents, videos, and other file types. This will prevent you from accidentally downloading and running malware.
Experts recommend installing a reliable antivirus on your devices. This will not only block the installation of malware but also report suspicious links and scan information received in messages.
You should be especially careful and vigilant with messages and calls received from unknown numbers: do not click links, and verify the resource and information. Banks, government agencies, mobile operators, and other reputable organizations do not send important notifications via messaging apps without prior approval from the office, do not call from unknown mobile numbers, and do not rush decisions. If someone asks you to provide a password from an SMS or update confidential information, it's a scam. In any unclear situation, it's best to pause the conversation and double-check by calling the organization's official number listed on the company's website or in the app.
Learn more about how to protect your personal data, simple steps to avoid fraud, and a psychologist's recommendations for recognizing attempts at manipulation and deception from the webinar recording. "How to protect your personal data from fraudsters? Personal data abuse: how to protect your information?" on the website of the "Call Back Yourself" project. There is also presentation, prepared by experts, with detailed recommendations and descriptions of various situations.
Information online project Call me back yourself Created in 2022 by the Moscow Government in collaboration with the Main Directorate of the Ministry of Internal Affairs of the Russian Federation for the City of Moscow, the project helps city residents protect themselves and their loved ones from telephone and online fraud. In 2023, the "Call Me Back" project won the "Best Social Project Website" category of the Golden Site award. It also received the Runet Prize in the "Information Security" category. In 2025, the project received awards from the "Shield and Pen" international competition of the Ministry of Internal Affairs of Russia and the 4th All-Russian competition "Regional Information Security Cup."
You can learn how to pay for orders online without the risk of data leaks atwebsiteAnd if you need to pay bills for city and commercial services, then you don’t have to worry aboutpayment data security the service will help My PaymentsIt is available on the mos.ru portal and in mobile applications "Gosuslugi Moskvy" and "My Moscow".
The creation and support of information security tools, as well as countering cyber fraud, are in line with the objectives of the national project "Data Economy and Digital Transformation of the State"More information about Russia's national projects and the capital's contribution can be found atspecial page.
Get the latest news quickly on official Moscow messaging channels. MAX And Telegram.
Please note: This information is raw content obtained directly from the source. It represents an accurate account of the source's assertions and does not necessarily reflect the position of MIL-OSI or its clients.