Promise to Restore Access, but Steal Everything: Fake 'Rescuers' of Accounts

How Scammers Operate

Fraud schemes related to account recovery often rely on the use of fake services and bogus support departments. Criminals create websites that outwardly resemble the official pages of popular platforms or pose as support specialists in messengers and social networks. Their goal is to obtain users' logins, passwords, and other personal data.

In common schemes, fraudsters offer to restore lost access to social media profiles, messengers, or email services. For this, they request account credentials, phone numbers, or SMS codes. After obtaining the information, scammers can use it to steal accounts, pass on data to third parties, or further extort the victim.

Main Fraud Schemes

Criminals use various methods to persuade the victim to share their data:

1. Fake support service. Fraudsters create fake support pages or write on behalf of official companies in social media. They convince users to provide information supposedly for verification.
2. Hacker scam. Some scammers promise to hack an account and restore access for a fee. After receiving the money, they disappear or demand an additional amount.
3. Fake recovery forms. On clone sites, users enter logins and passwords believing they are logging into an official resource, but the data immediately goes to the scammers.
4. Recovery data scam. The victim is informed their account is blocked or hacked and is offered immediate access restoration by entering information on a fake resource.
5. Use of data leaks. Some scammers use leaked password databases to hack accounts, especially if the user reuses the same password across different resources.
6. Fake applications. Malicious programs disguised as official utilities for access recovery can steal personal data and transmit it to scammers.
7. SIM card swap scam. Criminals can gain access to the victim's phone number through a mobile operator, intercept SMS codes, and change the account password.
8. Email phishing. Emails from popular services contain links to fake sites where users enter their credentials.
9. Social engineering. Scammers can impersonate acquaintances or colleagues, using stolen data to extract passwords and confirmation codes.

How to Protect Your Account from Scammers

To avoid losing access to personal data, follow a few security rules:

1. Use official services. Restore accounts only through verified platform pages and applications.
2. Do not share passwords with third parties. Genuine support services never request personal data.
3. Verify links. Before entering information on a site, ensure that the address matches the official one.
4. Enable two-factor authentication. This makes it harder for criminals to access your account.
5. Ignore offers from strangers. If someone promises quick recovery for money, it's almost always a scam.
6. Use strong passwords. Long and complex combinations reduce the likelihood of a hack.
7. Monitor account activity. Checking the list of authorized devices and login notifications can help detect suspicious activity in time.
8. Set up backup recovery methods. Adding a backup email address and trusted phone numbers can help regain access in case of a password loss.

What to Do if Your Account is Already Hacked

If your account is already under the control of scammers, you need to:

• Urgently change the password on all linked services.
• Report the hack to the platform's official support service.
• Check security settings and disable suspicious devices.
• Notify friends and acquaintances to prevent possible attacks on their accounts.
• If scammers demand ransom, do not give them money and contact law enforcement.
• Check if the credentials were used to log into other services.
• Clear browser cache and change passwords for accounts that may be compromised.
• Check if there are any unauthorized email addresses or phone numbers linked to your account.

Fake account recovery services pose a serious threat to users. Awareness of fraud schemes and adherence to basic security measures can help protect personal data from criminals. It's important to regularly update passwords, use unique combinations for different services, and be cautious when receiving emails and messages with suspicious links.