In Ukraine, cyber fraudsters are increasingly using social engineering to gain access to money and accounts. The article describes the most common types of fraud and offers advice on protection.
Cyber fraudsters are less and less likely to hack systems directly and more often force people to hand over access to money and accounts themselves through phishing, fraudulent calls from the "bank", fake stores, and malicious applications. In this material, UNN has collected the most common types of cyber fraud, key risk indicators, and a brief algorithm of actions if a person has already become a target of criminals.
Cyber fraud: main types of schemes and how to recognize them
Today in Ukraine, criminals most often don’t hack devices or disable security systems, but force a person to perform the required action themselves: follow a link, provide a code, install an application, or transfer money. According to estimates from the banking and financial sector, a significant portion of incidents fall under social engineering, where the operation is confirmed by the legitimate account holder.
Phishing: fake websites, emails, and messages
Phishing refers to the extraction of data through fake resources or messages that resemble official ones from banks, marketplaces, government services, or delivery services. Cyber fraudsters do this through:
- emails;
- SMS (smishing);
- calls (vishing);
- messages in messengers and social networks.
A separate risk is number spoofing, when a fraudster's SMS is pulled into the same thread as bank messages, and the person perceives it as credible.
How to avoid phishing
- check the website address before entering any data;
- don’t follow links from SMS/messengers in messages about urgent actions, payments, compensations, account confirmations;
- open the site manually or through the official application;
- don’t enter payment data on pages accessed from advertisements or unverified messages.
Fake online stores and non-delivery of goods
One of the most widespread schemes in Ukraine, especially on marketplaces and in advertisements, is fake sales. The buyer pays for the goods in full or makes an advance payment, after which the seller disappears.
Among the widespread schemes, the cyber police specifically mention non-delivery of goods, phishing, and "calls from the bank."
In 2025, fake sellers and stores also figured among the most common risks in online shopping.
Safe online shopping: what you need to do
- don’t make advance payments to unfamiliar sellers on classifieds services without transaction protection mechanisms;
- prefer cash on delivery or payment through platforms with official tools for buyer confirmation and protection;
- check the seller: history, reviews, availability of official contacts, and return policy.
"Call from the bank" and extracting one-time codes
In this "scheme," the fraudster pretends to be a bank employee or a financial institution's security service, reports a supposedly suspicious operation, and asks for:
- code from SMS;
- CVV;
- password;
- confirmation in the application;
- installation of "protective" software.
The cyber police emphasize: in reality, the bank does not need your one-time codes, as this contradicts the very idea of their use. And the NBU specifically highlights rules that help avoid such scenarios.
Calls "from the bank" or "security service": how to protect yourself
- if you receive calls with messages about a suspicious operation and are asked for codes or other personal data, immediately end the conversation;
- call the official bank number yourself, indicated on the card, in the application, or on the official website;
- don’t follow instructions that involve installing programs for alleged verification, protection, or remote assistance.
Malicious applications and remote access
A typical mechanic: a person is sent a link to a supposed banking update, delivery, payment verification, or discount. But in reality, it is a program that intercepts SMS or gives remote access to the victim's smartphone. Then, attackers gain control over accounts and funds. In their messages, criminals often press on urgency and fear of losing money, as this accelerates mistakes.
How to secure your phone and accounts
- enable two-factor authentication (2FA) for email, banking services, social networks, and messengers. If possible, use an authenticator app instead of SMS;
- regularly update your operating system and applications;
- install applications only from official stores (Google Play, App Store);
- don’t install APK files from links in chats or SMS;
- configure hiding the content of messages with confirmation codes on the lock screen;
- use unique strong passwords for each service;
- if possible, use a password manager.
Financial number hijacking (SIM-swap) and access recovery attacks
If a phone number is linked to a bank, email, and social networks, its loss or re-issuance to an attacker opens the way to password recovery and code interception. The issue is so painful that separate initiatives were discussed in Ukraine to reduce fraud around financial numbers.
Protection against SIM-swap
- set up an additional password/code phrase for SIM card operations with the mobile operator, if such an option is available;
- reduce the dependence of services on SMS confirmation: use authenticators and backup codes;
- react to risk indicators: sudden loss of connection without technical reasons, absence of SMS, inability to make calls. In such a case, you should immediately contact the operator and the bank.
Investment "projects", pseudo-brokers, and crypto schemes
A typical scenario for fraudsters is advertising guaranteed income, insider information, and a personal manager. First, they ask for a small contribution, show the victim "profit" in an electronic account, and then encourage them to increase the deposit. At the stage of withdrawing funds, taxes, commissions, and verifications appear, which also must be paid.
Thus, the person loses both the deposit they gave earlier in the hope of profit, and the money that supposedly went to pay the "commission."
Job fraud as drawing Ukrainians into criminal complicity
A separate category of online risk is offers of easy work involving transfers, cash-outs, or opening cards or accounts "for the company." A person can be used as a "money mule" (an intermediary for money laundering).
Fake support services on social networks and messengers
Fraudsters create clone pages of brands and support that are the first to write in comments. Then they ask to fill out a form, confirm an account or payment, or go to a private chat where they extract data.
What to do if you clicked "the wrong thing"
- Immediately block the card and access to banking and change passwords for email and key accounts;
- Log out of all devices (where available) and enable two-factor authentication;
- If you installed an application or gave remote access, disconnect from the internet, delete suspicious items, check the device, and if necessary, reset to factory settings;
- Contact the bank and file a report with the cyber police.
Recall
Earlier, we wrote that North Korean hackers set an anti-record in 2025, stealing $2 billion in cryptocurrency. This accounts for the lion's share of worldwide crypto thefts, which totaled $3.4 billion.