A new wave of fraudulent activity, leveraging the popular narrative of foreign brands returning to the Russian market, is rapidly gaining momentum, particularly in the run-up to the New Year holidays. Daniil Borislavsky, an information security expert, issued this warning, emphasizing the sophisticated nature of the attacks.
The Phishing Mechanism
Users are receiving fraudulent communications, often via email and messenger apps, impersonating well-known retailers such as Zara, Bershka, or H&M. These messages are designed to look highly credible, frequently featuring authentic logos, corporate color schemes, and domain names closely mimicking official sites.
The core message typically states that the brand is “returning to Russia” and encourages users to register, “restore their old account,” or claim an exclusive “first-customer discount” or “loyal client gift.”
Upon clicking the embedded link, a form opens requesting personal information, logins, passwords, and sometimes even confirmation codes sent via SMS. This is a classic phishing attack. The entered data is instantly transmitted to cybercriminals, who then steal authorization credentials, granting them access to bank accounts or sensitive government service portals.
— Daniil Borislavsky, IT Expert
The “Free Delivery” Variation
Another variant of the scheme involves offering a “free gift for continued brand loyalty during these difficult times.” Users are simply asked to confirm their recipient address via SMS or pay a small fee solely for delivery.
In the delivery fee scenario, victims report that amounts significantly exceeding the advertised charge are debited from their accounts, and all attempts to contact the supposed “customer support” immediately fail.
Security Recommendations
To protect themselves from these increasingly popular scams, Borislavsky strongly recommended that consumers verify any news regarding the return of foreign brands exclusively through official company websites or highly trusted media sources.
The expert further advised against clicking links in unsolicited emails or messenger messages from unknown sources, and cautioned users never to enter bank card details or account credentials on unverified third-party pages. Crucially, consumers should enable multi-factor authentication (2FA) on all important accounts and use security filters to detect and block phishing mailings.
This warning follows previous advisories from law enforcement about scammers demanding that victims enable screen sharing on their smartphones, a technique used to covertly steal the victim's data.
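The kind of security filter recommended above can be sketched as a link check that flags hosts using a brand's name without being on that brand's official domain. This is an added example, not code from the article or the expert; the allowlist of official domains, the digit-for-letter table, and the `.example` hosts in the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: allowlist of each brand's official domains; verify before use.
OFFICIAL = {"zara": {"zara.com"}, "bershka": {"bershka.com"}, "hm": {"hm.com"}}
LEET = str.maketrans("01345", "oleas")   # digit-for-letter swaps used in lookalikes
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_host(host):
    """Return (brand, reason) if host imitates a brand, else None."""
    host = host.lower().rstrip(".")
    for domains in OFFICIAL.values():
        if any(host == d or host.endswith("." + d) for d in domains):
            return None                      # genuine site or its subdomain
    for label in host.split(".")[:-1]:       # every label except the TLD
        for token in re.split(r"[-_]", label.translate(LEET)):
            for brand in OFFICIAL:
                if token == brand:
                    return brand, "brand name on non-official domain"
                # Fuzzy match only for longer names, to limit false positives.
                if len(brand) >= 4 and edit_distance(token, brand) == 1:
                    return brand, "one-character lookalike of brand name"
    return None

def scan_message(text):
    """Return [(host, brand, reason)] for suspicious links in a message."""
    findings = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname
        hit = check_host(host) if host else None
        if hit:
            findings.append((host, *hit))
    return findings

# Constructed sample message; the .example hosts are placeholders.
SAMPLE = ("Zara is returning! Restore your old account: http://zara-return.example/login "
          "or https://accounts.hm.com.verify.example/gift or https://zarra-shop.example/ "
          "Official site: https://www.zara.com/")

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

The check compares the full host against the allowlist first, so a host that merely embeds an official domain as a subdomain prefix is still flagged, while the genuine site and its subdomains pass.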
