Presented by Incogni

A Message from Incogni: Unknown number calling? It’s not random

The BBC caught scam call center workers on hidden cameras as they laughed at the people they were tricking. One worker bragged about making $250k from victims. The disturbing truth? Scammers don’t pick phone numbers at random. They buy your data from brokers.

Once your data is out there, it’s not just calls. It’s phishing, impersonation, and identity theft. That’s why privacy conscious people choose Incogni: They delete your info from the web, monitor and follow up automatically, and continue to erase data as new risks appear. Try Incogni today and get 58% off annual plans with code CO58.

It’s a cold autumn morning, in 2025, in Dnipro.

Valentyna pulls her warm coat tighter and steps outside to her garden, checking on the last plants before winter, which is a quiet routine she has kept for years.

That morning, her phone rang.

“Mom, what did you do? Someone is asking me for 20,000 hryvnias from your account. Your Telegram has been hacked.”

During wartime, internet scams have become part of broader Russian hybrid attacks aimed at destabilizing society from within, especially when it is already under constant tension. Scammers exploit the trust of vulnerable people, such as the elderly or internally displaced persons, deceiving them out of money and further undermining public morale.

Ukrainians were warned this March that hackers were sending phishing emails that appeared to be from the country’s government institutions. Russia’s goal was to infect devices and steal sensitive information.

Similar attacks have happened in other countries. This January, the Russian-linked group ‘Fancy Bear’ carried out phishing campaigns in several EU countries, targeting personal accounts and data.

Although these users are from different countries, the damage is equal for everyone: stolen personal data, hacked accounts of friends, financial losses, and harm to people’s reputations both among those they know and strangers.

For Valentyna, the growing threat of cyberfraud became something very personal.

Valentyna, who retired 25 years ago from the Dnipro City Council, lives alone, in a quiet apartment filled with jars of homemade jam and preserved vegetables. She is not entirely alone, though — her daughter, once a little girl who lived with her, has grown up and now has a family of her own.

Now, her days follow a steady rhythm. She likes spending time in her garden, growing raspberries, currants, dill, parsley, and basil. Valentyna plants trees and bushes and sometimes sells what she grows. That autumn morning in the garden, when her daughter called, was supposed to be like dozens of others.

The night before the cyberfraud incident, she had been scrolling through Telegram, reading the news as usual. A message came from a former colleague.

“Please vote for my granddaughterʼs drawing in a competition,” it said. It also claimed the girl had cancer and that the prize money would go toward her treatment.

Valentyna did not hesitate. Just days earlier, she had asked friends to vote for her own granddaughter in a modeling school contest in Dnipro.

“If people supported my child, why wouldn’t I support another?” she thought, and clicked the link.

She had yet to find out that Russian scammers would steal her identity.

Russia began its hybrid attacks in cyberspace against Ukraine long before its full-scale invasion, extending warfare beyond land. In March 2014, just three days before the referendum on Crimea’s status, Russia launched an eight-minute DDoS attack that made the governmental websites slow or completely unavailable to normal users.

The attack targeted the key governmental security institutions and major news outlets, rendering them temporarily unavailable to the public and successfully hindered the Ukrainian government’s ability to disseminate official information during the critical days leading up to the Crimea referendum.

The cyber pressure did not stop there. In May 2014, before Ukraine’s presidential elections, a pro-Russian hacktivist group managed to break into the network of the Central Election Commission and delete important files, hoping to alter the election results.

However, the attack ultimately failed. The malicious software was discovered and removed just 40 minutes before the elections began, which eventually delayed the vote count.

Over time, these large-scale cyberattacks evolved into smaller, more personal cyber fraud schemes that used the same tactics of deception and manipulation to target ordinary people.

“I remember feeling numb, shocked, terrified and panicking. I couldn’t think clearly because my daughter was scolding me over the phone, and I just stayed silent,” Valentyna said. She reacted this way when her daughter told her off for falling for scammers.

Even though phishing links are still the main tool used by Russian scammers, their methods are becoming more varied and better adapted to wartime. Offers for displaced people, social payments, and charity collections lure Ukrainians during the war.

In just one year of the full-scale invasion, 11 percent of Ukrainians became victims of cyberfraud. Scammers would usually target young people and people aged 65 and older.

Scammers use social engineering, according to Oleksandr Ulianenkov, head of the police online fraud counteraction department. It is a scammer’s manipulation that makes people give up access to their private information (like passwords or bank data) or to systems by getting around security protections.

Scammers call or message potential victims using scripts designed to create emotional pressure: sick children, urgent medical treatment, missing soldiers, or energy shortages.

People often don’t realize they’re being scammed because scammers exploit how our brains work. They play on emotions like fear, trust, or greed, emotions that cause the average person to trust authority or friends automatically. Additionally, the majority have an optimism bias, thinking “it won’t happen to me,” which makes people less careful. All these factors together make even smart people fall for scams.

After the morning call from her daughter, Valentyna rushed to a small local electronics shop nearby. A few young men worked there; they sold phones and accessories, fixed devices, and helped people with all kinds of technical problems.

She went straight to them because her neighbor had once told her his Telegram account was hacked, and these guys were the ones who helped him fix it. In that moment, they felt like her only chance.

“Guys, please help. What should I do?” she said, frightened.

Valentyna did not realize yet that someone from Russia had logged into her account.

Telegram is a messenger that had previously been flagged in Ukraine as potentially risky as it has a relatively low level of encryption, which makes it easier for scammers and intelligence services to access personal data. Telegram has become one of the key tools used by Russian intelligence services, posing a threat to Ukraine’s national security, as the app has been used to interrogate prisoners of war, spread fake narratives, and monitor people in occupied territories.

The danger of Telegram scams lies in their deception. When a victim clicks a phishing link, they actually log in to their account. The scam begins right after this step — once they gain access, attackers collect all the necessary personal data from the victim.

For example, if a user logs into social media, a hacker can steal cookie files stored in your browser and load them into their own one. Then, the attacker can appear as if they are already logged into the victim’s account, without needing a password, according to a leader of a hacker group named ‘4BID.’

In 2025, Ukrainian cyber police reported an increase in fraud cases on Telegram, which is actively used to spread phishing links, fake bots, and messages from hacked accounts.

But Valentyna was lucky.

After checking Valentyna’s phone, technicians from the local electronics shop explained that to remove the hackers from Telegram, they would need to wait 24 hours before fully disconnecting the account.

Valentyna did not wait in silence. She began calling everyone she knew, warning them not to send money or trust the messages.

“Cybercriminals have no limits,” Ulianenkov, Lieutenant Colonel of Police, said. “The threat has decreased, but it is still there. Every day we receive reports. There have been successful cases where hundreds of thousands of hryvnias were returned.”

When Valentyna returned to the workshop the next day, specialists found that one of the scammers was Russian. The technicians laughed.

“You caused quite a panic,” they told her. “The scammers realized you were not an easy target and disconnected themselves from your contact list.”

Two-factor authentication was installed on her account. Valentyna reduced her Telegram channels to just two and kept only her daughter and granddaughter in her contacts.

The cyber police are currently developing and implementing methods to effectively combat cyber fraud, Ulianenkov said. They designed multiple automated systems to monitor suspicious activity in order to freeze funds and prevent scammers from obtaining them. Additionally, phone numbers used in fraudulent schemes are blocked and phishing links are disabled.

Valentyna now guards her phone the way people double-check their door locks at night.

“Let the scammers know there are no fools left,” Valentyna said.

NEWS OF THE DAY:

By Oleksandra Poda

Good morning to readers; Kyiv remains in Ukrainian hands.

ZELENSKYY SIGNS FIRST-EVER SECURITY AGREEMENTS WITH THE PERSIAN GULF REGION: Zelenskyy visited the UAE and Qatar and confirmed the signing of 10-year security agreements. Ukraine is providing the Gulf region with its full anti-drone defense package, including maritime drones, electronic warfare capabilities, software, and interception expertise. In exchange, it will receive missile defense systems and financial aid.

This is the first time in history that Ukraine has signed such agreements with the Persian Gulf region. Kyiv is deliberately building long-term strategic partnerships outside of NATO.

RUSSIA IS DELIBERATELY REDIRECTING UKRAINIAN DRONES TOWARD FINLAND AND THE BALTIC STATES: Ukraine has stated that Russia is deliberately redirecting downed or captured Ukrainian drones toward Finland and the Baltic states. It aims to provoke tension between Kyiv and its NATO allies. Finland is already developing its own drone alert app based on the Ukrainian model.

If this operation succeeds, Moscow will be able to pit Kyiv against Helsinki and Riga without firing a single shot.

RUSSIA IS PREPARING A SPRING OFFENSIVE: The war in Iran is diverting attention from Ukraine while Russia launches its spring offensive. Over the past month, Russia has carried out 51 assaults on Pokrovsk alone in a single day and deployed 289 drones in a single night.

Russia is reaping a double benefit from the war in Iran. While the West’s attention is diverted, oil revenues are rising due to the Strait of Hormuz crisis, and the shortage of PAC-3 missiles for the Patriot system is already being felt, as a significant portion has been redirected to the Middle East.

DOG OF WAR:

The well-behaved dog patiently waited for his owner while she was buying coffee.

Stay safe out there.

Best,
Anastasiіa