Experts reported an outflow of Telegram scammers following Durov’s arrest in Paris

• Mammoth is an online fraud scheme that aims to steal bank card details and money by paying for fake purchases, selling products, booking accommodation or paying for rideshares. Since 2019, attackers have been expanding the scheme, adding countries and brands, devising ways to evade threats and new scenarios to find victims.

At the end of September-October 2024, many fraudulent groups working according to this scheme began to abandon Telegram, preferring specially created sites. This trend intensified after Durov’s statement, in which he said that IP addresses and phone numbers of violators of messaging rules could be transferred to law enforcement upon official request, the report notes.

According to analysts, after the publication of Durov’s post, the income of 70% of fraudulent groups operating under the “Mammoth” scheme decreased by 22% in four weeks, from 58 million to 45 million rubles.

FACCT experts clarify that there are currently 16 large groups operating under the “Mammoth” scheme in Russia and the CIS countries, in which more than 20 thousand people participate. From July 2023 to June 2024, these fraudsters stole more than 1.2 billion rubles from citizens of Russia and the CIS, and since the beginning of 2021, the total damage from the scheme has exceeded 8.6 billion rubles. . The average amount stolen under the Mammoth scheme in Russia was 9,000 rubles.

Recommendations for users:

• only access the official websites of the brands;
• check the site creation date through free whois services to find out the registration date, payment terms and domain owner information;
• beware of huge discounts on equipment on classifieds sites, this could be bait set up by scammers;
• keep all correspondence with the seller only through the internal chat of the advertising site, do not access instant messaging;
• at the final stage of the transaction, make sure that the site is real and not fake;
• Do not pay for products in advance at unverified stores, check the products upon receipt and pay only after inspection.

Recommendations for businesses:

• constantly monitor brand usage to reduce financial and reputational risks;
• use automated digital risk protection solutions to protect customers; They identify fraudulent resources in advance and prevent traffic from being redirected to malicious sites.

Durov was detained at Paris’ Le Bourget airport on August 24 and arrived there on a private plane from Azerbaijan. On September 28, he was charged with, among other charges, complicity in the administration of an online platform to carry out illegal transactions, refusal to provide data or documents to authorized bodies at their request, and concealment of crimes as part of an organized group. . On August 28, he was released on bail of 5 million euros and was prohibited from leaving France.

Group IB was founded in 2003. In spring 2023, Group-IB allocated Russian assets and the business was bought by local shareholders and senior management. The company continues to operate in Russia under the FACCT brand.