Bad Santa: scammers profit from the New Year holidays
New Year's Eve fuss is an emergency for cybercriminals. While citizens are making gift lists and looking for profitable offers, scammers have already set up their networks, adapting to the typical behavior of the average person. Experts warn that the number of embezzlements increases dramatically during the holiday season. Criminal trends of the "ice Age" — in the material of Izvestia.
Causes of vulnerability
The period preceding the winter holidays is considered the most dangerous in terms of theft. The thing is that people's spending is increasing dramatically, and it's also a time of bonuses and bonuses. If in the last century, pinchers, hop-stoppers and burglars revived on New Year's Eve, today criminals of a new formation keep their noses in the wind.
"Holidays, and especially New Year— are an ideal environment for cybercriminals,— explains CEO of Secure-T (Solar Group) Khariton Nikishkin. — Firstly, this is a period of massive and often spontaneous purchases, when people make decisions more emotionally in the hustle and bustle. The attention dissipates, and the desire to save time and money increases.
The expert notes that we are surrounded by information noise from delivery notifications and promotions, in which it is easy for a fraudulent message to get lost. And the emotional expectation of gifts and miracles dulls vigilance.
The Disgusting Five
Expert Nikishkin identifies five of the most common New Year's Eve scams.
The first is fake stores.
— One-day websites are being created that clone well-known marketplaces and offer popular holiday products at discounted prices. After the prepayment, the "store" disappears.
The second is false pranks. On social networks, they offer to win a car or a smartphone, but you need to pay a "commission" to receive it.
The third is the sale of non—existent services. Booking hotels, tickets to the ballet "The Nutcracker", booking animators.
— The attackers take an advance payment, referring to the hype, and disappear on the eve of the event, — says the expert.
The fourth is phishing on behalf of banks. Calls and text messages threatening to block the account under the pretext of "expiration of documents" in order to extort card data.
The fifth is hacking accounts in messengers. A message from a "friend" asking you to vote for a child's craft. The link for "voting" actually leads to a phishing page for stealing login and password.
Related risks
An accompanying goal of criminals remains the compromise of digital identity for multi-pass schemes, says Artemy Novozhilov, architect of information security systems at the Garda Group of Companies.
"The main goal of the attackers now is either to lure out bank card data and immediately debit money, or to gain access to accounts on Public Services, messengers and banking applications in order to use them in further schemes," Novozhilov says.
According to him, phishing links are actively being sent in messengers, including under the guise of a "Telegram Premium gift." The goal is to steal an account and then write to friends on your behalf asking them to lend money.
"Text messages or letters about a "delayed parcel" and a "small fee" work well,— Novozhilov says. — People pay 50-100 rubles by entering their card details on a fake website, and as a result they lose much more.
Also, according to him, the attackers are actively sending messages about alleged "New Year's payments/bonuses" on behalf of government agencies or banks with a request to enter card details and an online banking login/password to "transfer funds."
Loss time
In December last year, the total material damage from registered crimes amounted to about 85.5 billion rubles, which is almost 14% of the total annual damage from criminal activity (about 627 billion rubles). In 10 months of 2025, almost 582 thousand crimes were committed in the field of IT and computer information, material losses from criminal manifestations have already exceeded last year's mark and are approaching 650 billion rubles. Such disappointing data follows from the reports of the Ministry of Internal Affairs on the state of crime. The vast majority of thefts today are committed remotely, and the attackers often operate from abroad, which makes it extremely difficult to catch them and compensate the victims.
Minimize the risks
—The card data or account access provided to the attackers can be used for further extortion, obtaining loans, or attacks on your friends,— Nikishkin warns. He calls for extremely careful attention to the safety of personal data and recalls the three pillars of security: care, verification and technology.
Healthy skepticism, according to the expert, increases the chances of avoiding problems.
— Any offer that sounds too profitable or creates an artificial rush is a red flag.
Scrupulous verification of the offer will also help to avoid getting into trouble.
— Always verify the seller, — advises Nikishkin. — Legitimate sellers, as a rule, do not require a 100% prepayment. Never share confidential data. Real bank employees will never request SMS codes by phone.
According to him, it is definitely worth using protection.
— Install antivirus software; be sure to enable two-factor authentication for all important accounts. This is the most effective way.
If it's too late
If money or data has already been transferred to intruders, you need to contact the bank, block the card, change passwords to all important accounts and file a police report, saving all screenshots and numbers.
"Remember that your vigilance is the main gift you can give yourself and your loved ones for the New Year,— the expert concludes.
You should celebrate the New Year with a good mood, not with an empty wallet. Caution and cold calculation are the best companions in pre—holiday chores.
Переведено сервисом «Яндекс Переводчик»
