Fraudsters run a range of schemes built around recovering blocked or hacked accounts. They create fake support services, set up fake websites, and send phishing emails. Their main goal is to obtain credentials, extort money, or use the profile for criminal purposes.
They may offer supposedly legitimate services or talk the victim into handing over passwords and confirmation codes by promising to restore access. Understanding how these schemes work helps you avoid losing accounts and funds.
Account recovery scams: common schemes
Fraudsters use several main methods to deceive users:
- Fake support services. They create websites that visually copy the pages of real services and get users to enter their usernames and passwords.
- Phishing emails and links. The victim receives a message asking them to “confirm identity” or “unlock the account.” After clicking the link, the victim enters their credentials, handing them to the fraudsters.
- Paid access recovery. Fraudsters demand payment to return the account, but disappear after receiving the money.
- Requesting confirmation codes. Under the guise of support services, fraudsters ask for the code from an SMS, after which they change the password.
- Ransom for a hacked account. Attackers block the profile and then demand money for its return.
Sometimes fraud schemes are combined. For example, criminals first hack the profile, and then offer the owner help in restoring it for money.
Deception with hackers and fake support services
Some fraudsters pose as hackers who offer to get hacked accounts back. Most often they:
- demand prepayment, but disappear after receiving it;
- use the provided data for blackmail or further hacking of the victim's other services;
- ask the victim to install malicious programs that steal passwords and personal information.
Fake tech support operations are also common. They operate through clone sites or social networks, creating pages visually identical to official ones. Once on such a resource, the user enters their data, which goes straight to the fraudsters. The criminals then change the password and link a new email or phone number, completely taking over the profile.
Another scheme is phone calls from “support staff.” The callers claim that the account has been attacked and offer to “verify” it. The victim is sent a code and asked to say it out loud. In reality, the code is used to change the password, after which the profile ends up in the hands of the fraudsters.
Scam on password recovery and fake tech supports
There are several fraudulent schemes related to password recovery:
- Fake login pages. Their design completely copies original websites, but they belong to fraudsters.
- Blocking messages. The victim receives a message demanding that they confirm their identity, otherwise the account will supposedly be deleted.
- Promise of quick recovery. The user is offered a paid service, but after the money is transferred, communication with the “helpers” is cut off.
- Phone calls. Fraudsters pose as a support service and request a confirmation code.
- Phishing links in mailings. The emails contain URLs leading to fake login pages.
Fraudsters often work through social networks and messengers. They create fake accounts of well-known brands and offer help in recovering profiles. Many users trust such “specialists” without checking their authenticity, which leads to loss of access to the account.
Data recovery scam: how to protect an account from fraudsters
To avoid data theft, it is important to follow cybersecurity rules:
- Create strong passwords. They should contain at least 12 characters, including uppercase and lowercase letters, numbers, and special characters.
- Use two-factor authentication. This is an additional layer of protection that makes it harder for fraudsters to gain access.
- Check URLs. Before entering data, make sure the site actually belongs to the official service.
- Do not share passwords and confirmation codes. Genuine support services never request such information.
- Ignore suspicious offers. Any paid recovery service is fraud.
- Check contacts in account settings. It is important to control which phone numbers and emails are linked to the profile.
- Monitor active sessions. Most services allow you to check which devices have logged in and terminate suspicious sessions.
- Do not click on suspicious links. Phishing sites look similar to originals but can steal credentials.
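The "Check URLs" rule above, as an added example that is not part of the original article: a Python check that decides whether a link really points at the official service by looking only at the end of the host name, never at how the link looks. The domain `example.com`, the function name `check_login_url` and all sample links are placeholders constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the service's real domains, copied from a trusted source such as
# the official app or a saved bookmark. example.com is a placeholder.
OFFICIAL_DOMAINS = frozenset({"example.com"})

def check_login_url(url, official=OFFICIAL_DOMAINS):
    """Return (ok, reason) for a link that claims to lead to the official service."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    # Internationalized names can render like the real one (homoglyphs).
    if not host.isascii() or any(p.startswith("xn--") for p in host.split(".")):
        return False, "internationalized host, possible lookalike"
    # Only the END of the host name counts: the official domain itself or a
    # subdomain of it. Text before '@' or to the left of another domain is
    # decoration chosen by whoever built the link.
    for domain in official:
        if host == domain or host.endswith("." + domain):
            return True, "host belongs to " + domain
    return False, "host " + host + " is not an official domain"

# Constructed sample links; every name here is a placeholder.
SAMPLES = [
    "https://example.com/recover",
    "https://login.example.com/recover",
    "https://example.com.account-recovery.test/login",  # official name as prefix
    "https://example.com@support-desk.test/unlock",     # official name as userinfo
    "http://example.com/recover",                       # no TLS
    "https://xn--exmple-cua.com/",                      # punycode label
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_login_url(link))
```

Accepting every subdomain assumes the service controls all names under its domain; list exact host names instead if that is not the case.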
If the account has already been hacked, change the password immediately, disconnect suspicious devices, and contact official support. In some cases, the access recovery function can be used if the linked contacts have not been changed by the fraudsters.
Regularly reviewing security settings and paying close attention to suspicious messages will help prevent account loss.