
Phishing, "calls from the bank," fake stores - the most common types of fraud: how not to fall into the trap

Kyiv • UNN


In Ukraine, cyber fraudsters are increasingly using social engineering to gain access to money and accounts. The article describes the most common types of fraud and provides tips on protection.


Cyber fraudsters are less and less likely to hack systems directly; more often they get people to hand over access to money and accounts themselves through phishing, fraudulent calls from the "bank", fake stores, and malicious applications. In this material, UNN has collected the most common types of cyber fraud, key risk signs, and a brief algorithm of actions if a person has already become a target of criminals.

Cyber fraud: main types of schemes and how to recognize them

Currently in Ukraine, criminals most often do not hack devices or disable security systems, but force a person to perform the necessary action independently: follow a link, provide a code, install an application, or transfer money. According to estimates from the banking and financial sector, a significant portion of incidents fall under social engineering, where the operation is confirmed by the legitimate account holder.

Phishing: fake websites, emails, and messages

Phishing refers to the extraction of data through fake resources or messages that resemble official ones from banks, marketplaces, government services, or delivery services. Cyber fraudsters do this through:

  • emails;
  • SMS (smishing);
  • calls (vishing);
  • messages in messengers and social networks.

A separate risk is number spoofing, where a fraudster's SMS lands in the same thread as genuine bank messages, so the person perceives it as credible.

How to avoid phishing

  • check the website address before entering any data;
  • do not follow links from SMS/messengers in messages about urgent actions, payments, compensations, account confirmations;
  • open the site manually or through the official application;
  • do not enter payment data on pages accessed from advertisements or unverified messages.

Fake online stores and non-delivery of goods

One of the most widespread schemes in Ukraine, especially on marketplaces and in advertisements, is fake sales. The buyer pays for the goods in full or makes an advance payment, after which the seller disappears.

Among the common schemes, the cyber police specifically mention non-delivery of goods, phishing, and "calls from the bank."

In 2025, fake sellers and stores also figured among the most typical risks in online shopping.

Safe online shopping: what you need to do

  • do not make advance payments to unfamiliar sellers on classifieds services without transaction protection mechanisms;
  • prefer cash on delivery or payment through platforms with official tools for buyer confirmation and protection;
  • check the seller: history, reviews, availability of official contacts, and return policy.

"Call from the bank" and extracting one-time codes

In this "scheme," the fraudster pretends to be a bank employee or a financial institution's security service, reports a supposedly suspicious operation, and asks for:

  • code from SMS;
  • CVV;
  • password;
  • confirmation in the application;
  • installation of "protective" software.

The cyber police emphasize: in reality, the bank does not need your one-time codes, as this contradicts the very idea of their use. And the NBU specifically highlights rules that help avoid such scenarios.

Calls "from the bank" or "security service": how to protect yourself

  • if you receive calls with messages about a suspicious operation and are asked for codes or other personal data, immediately end the conversation;
  • call the official bank number yourself, indicated on the card, in the application, or on the official website;
  • do not follow instructions that involve installing programs for alleged verification, protection, or remote assistance.


Malicious applications and remote access

A common mechanism: a person is sent a link to a supposed banking update, delivery, payment verification, or discount. In reality, it is a program that intercepts SMS or provides remote access to the victim's smartphone. Attackers then gain control over accounts and payments. In their messages, criminals often play on urgency and fear of losing money, as this accelerates mistakes.

How to secure your phone and accounts

  • enable two-factor authentication (2FA) for email, banking services, social networks, and messengers. If possible, use an authenticator app instead of SMS;
  • regularly update your operating system and applications;
  • install applications only from official stores (Google Play, App Store);
  • do not install APK files from links in chats or SMS;
  • configure hiding the content of messages with confirmation codes on the lock screen;
  • use unique strong passwords for each service;
  • if possible, use a password manager.

Financial number hijacking (SIM-swap) and access recovery attacks

If a phone number is linked to a bank, email, and social networks, its loss or re-issuance to an attacker opens the way to password recovery and code interception. The issue is so painful that separate initiatives were discussed in Ukraine to reduce fraud around financial numbers.

Protection against SIM-swap

  • set up an additional password/code word for SIM card operations with the mobile operator, if such an option is available;
  • reduce the dependence of services on SMS confirmation: use authenticators and backup codes;
  • react to risk signs: sudden loss of connection without technical reasons, absence of SMS, inability to make calls. In such a case, you should immediately contact the operator and the bank.

Investment "projects", pseudo-brokers, and crypto schemes

A typical scenario for fraudsters is advertising guaranteed income, insider information, and a personal manager. First, they ask for a small contribution, show the victim "profit" in an electronic account, and then encourage them to increase the deposit. At the stage of withdrawing funds, taxes, commissions, and verifications appear, which also need to be paid.

Thus, the person loses both the deposit they gave earlier with the hope of profit, and the money that supposedly went to pay the "commission."


Job fraud: drawing Ukrainians into criminal complicity

A separate category of online risk is offers of easy work involving transfers, cash-outs, or opening cards or accounts "for the company." A person can be used as a "money mule" (an intermediary for money laundering).

Fake support services on social networks and messengers

Fraudsters create clone pages of brands and of their support services, which are the first to write in comments. They then ask the person to fill out a form, confirm an account or payment, or go to a private chat, where they extract data.

What to do if you clicked "the wrong thing"

  • Immediately block the card and access to banking and change passwords for email and key accounts;
  • Log out of all devices (where available) and enable two-factor authentication;
  • If you installed an application or gave remote access, disconnect from the internet, delete suspicious items, check the device, and if necessary, reset to factory settings;
  • Contact the bank and file a report with the cyber police.

Recall

Earlier, we wrote that North Korean hackers set an anti-record in 2025, stealing $2 billion in cryptocurrency. This accounts for the lion's share of global crypto thefts, which totaled $3.4 billion.