Review of Authorised Frauds

In 2025, credit institutions sent information on authorised frauds committed against clients–individuals according to Reporting Form 0403203. Most authorised frauds were of the following types: ‘Bank cards’, ‘Accounts’, ‘Faster Payments System (SBP)’, ‘E-wallets’, and ‘Without opening an account’. As before, perpetrators chose combined fraud schemes, tricking the victims into making money transfers via these channels, which caused an increase in authorised frauds in this category.

In 2025, payment card frauds numbered 980,460, which was still the highest figure compared to other types of fraudulent transactions.

The largest amount of funds, namely ₽10,628.41 million, was stolen through transactions of the type ‘Accounts’. It is worth noting that the amount of funds reimbursed to the victims was also the largest in this category, specifically ₽700,407,360.

In 2025, using social engineering techniques, malefactors often tricked the victims not only into conducting a transaction on their own but also into clicking a phishing link or downloading malware.

Malefactors can thus access remote banking systems used by clients to commit fraudulent actions or exploit scenarios for the transfer of payment card data through special software (NFCGate or reverse NFCGate scenarios).

In accordance with Part 3.13 of Article 8 of Federal Law No. 161-FZ, dated 27 June 2011, ‘On the National Payment System’, banks are financially liable to their clients–individuals for improperly implemented antifraud measures in the course of a money transfer if the payment details for the latter are in the Bank of Russia’s database on facts and attempts of authorised frauds. The reimbursements paid pursuant to the law totalled ₽3.16 million (vs ₽1.23 million in 2024), which is the result of banks’ compliance with the requirements for antifraud measures.

Beginning from 2023, credit institutions have been sending to the Bank of Russia information on the amounts of thefts they managed to prevent. Over 2025, the amount of prevented authorised frauds totalled ₽13,895.4 billion, compared to ₽13,508.04 billion in 2024. Owing to efficient antifraud procedures, credit institutions managed to prevent 134.16 million fraudulent transactions in 2025 vs 72.17 million in 2024.

In 2025, the Bank of Russia forwarded information on 69,091 phone numbers, which fraudsters used to steal money from individuals, for communications providers to take appropriate response measures.

As a result of the efforts made by the Bank of Russia jointly with the Russian Ministry of Digital Development, Communications and Mass Media, financial market participants, and communications providers, the number of fraudulent phone calls has been decreasing.

The year 2025 saw a growing number of fraudulent schemes where malefactors attempted to trick a person into dialling a fraudster’s phone number. In most cases, first, the victim received a phone call allegedly from a representative of a service company, such as food delivery services, flower shops, or cafés and restaurants. Then, the victim was notified of an order booked for him/her, products to be delivered, or gifts, which were to be confirmed by the code from a text message. After the victim said this code, the phone call was dropped and a voice robot notified the victim that the phone call was fraudulent and dropped for that very reason. The victim then received a message to his/her phone number about an attempt to raise a microloan on his/her behalf or hack his/her account on the Public Services Portal, and this message included the phone number for further contact. When the person called this phone number, malefactors persuaded the victim to transfer his/her savings to their account or to hand over the cash to them under the guise of protecting the funds.

In 2025, in order to enhance the mechanisms for counteracting telephone fraud, the Bank of Russia jointly with communications providers and banks launched a pilot project ensuring communication aimed at using information about malefactors’ phone numbers in the course of banks’ antifraud measures. This approach helped detect bank accounts that perpetrators could use to withdraw stolen funds and label them as illegitimate proactively, which made the process of responding to fraudulent transactions more efficient. As a result, the experiment enabled credit institutions to suspend identified suspicious transactions amounting to over ₽100 million.

Despite the downward trend in the number of phishing websites and websites created for unlawful financial operations recorded over the previous two years, such attacks remained frequent in 2025.

Over the course of 2025, as part of collaboration with the registrars of .ru, .рф and .su domain names and domain names with other extensions, the Bank of Russia sent requests for de-delegation of 1,002 resources, compared to 1,335 resources in 2024. The average time of domain de-delegation by registrars remained unchanged, namely from three hours to several days.

In 2025, the largest amounts of funds were stolen from individuals through fraudulent schemes combining social engineering techniques and phishing websites impersonating official websites of commercial entities, federal authorities, and government platforms.

Fraudulent schemes persuading individuals to invest in cryptocurrencies and conduct transactions with such instruments are becoming increasingly widespread.

The Bank of Russia continues to actively collaborate with the Prosecutor General’s Office of the Russian Federation to block access to resources disseminating information about unlicensed financial services and information encouraging the participation in financial pyramid schemes in the Russian Federation. The Bank of Russia’s continuous work to detect and block such information helps curb malefactors’ efforts to use this attack vector against individuals. In 2025, the resources blocked based on the Bank of Russia’s information numbered 37,416, which is 16.3% less than in 2024.

In particular, over the course of 2025, the Bank of Russia initiated blocking of access to 4,817 webpages (groups) in social networks and 33 apps, among other things.

As in the previous year, the blocked webpages (groups) in social networks were mostly used for unlicensed operations. The apps, masquerading as operating credit institutions’ resources, were used for phishing.

In 2025, 43% of the resources blocked at the Bank of Russia’s initiative were phishing websites mirroring the names of popular banks and investment companies. Fraudulent resources that perpetrators use to conduct unlicensed operations in the securities market as well as non-existent credit institutions’ and microfinance organisations’ operations were still widespread, accounting for 36% of the blocked resources.

The third largest category was financial pyramids accounting for 21% of the blocked resources. Most often, financial pyramids masquerade as online games offering a user to earn up to 1,000% per annum after purchasing a game character or other in-game items, which ultimately leads to the victim losing all the money invested.