From "bank calls" to fake investments. How scammers steal money from cards
Belarusians have increasingly fallen victim to financial fraudsters: the number of successful scams and their average sum have grown. Common schemes include deception and psychological pressure, so-called social engineering, as well as the illegal use of card details. The Banking Processing Center compiled the threat rating, writes the website "Belarusy i mir".
Illustration: Banking Processing Center
In 2025, the number of successful fraudulent operations increased by 27 percent compared to the previous year, and the average amount of a single scam rose from $82 to $385. The total amount lost by people due to fraudsters became almost five times higher.
Most often, in 53.3 percent of cases, fraudsters gain full access to the victim's account (account takeover). In 45.5 percent of cases, card details obtained from people through deception or theft are used.
Social engineering is very often employed: 63 percent of all cases are somehow related to deception and manipulation. Lost and stolen cards are rarely used — in 1.1 percent of cases, and counterfeit cards have completely become a thing of the past, with a share of less than one percent.
Skimming devices are no longer found on Belarusian ATMs. There was no mass data leakage of cardholders last year either.
Almost 9 out of 10 cases of fraud occur online, when the card is not physically used. Attackers actively use social engineering methods to gain trust. They call by phone or write in messengers, posing as bank employees, police, or technical support. The goal is to obtain personal data, access to internet banking, or install a remote access program on the victim's phone.
What specific schemes are working
In 2025, a new dangerous scheme called NFC Gate appeared. Fraudsters convince a person to install a remote access program, and then – to tap their card against their smartphone and enter a PIN code, supposedly for verification. The card data is retransmitted to the attackers, who can then withdraw money from an ATM or pay for purchases with their own phone.
Tokenization fraud is also actively developing: after obtaining card data, attackers link it to their smartphone or other device. After this, they can spend money online, in stores abroad, and even withdraw cash from ATMs. In 2025, 58 percent of such operations involved cash withdrawals from ATMs.
Phishing websites remain relevant — exact copies of internet banking or popular services. A person lands on such a page via a link from an email or message, enters their data, and it immediately goes to the attackers. Fraudsters continue to try to guess or brute-force card numbers (BIN attacks). They automatically generate combinations and test them with small payments on poorly protected websites.
"Investment" traps are gaining momentum. People online are offered "quick and guaranteed income" — to open a brokerage account and invest money. After transferring funds, the "brokers" disappear with them.
A scheme related to dating sites is still widespread. Fraudsters gain trust and then send phishing links for purchasing tickets, flowers, or gifts. Those who click on them and enter payment details lose money.
A new type of dispute has also emerged — "friendly fraud". This is when a person themselves or a close relative makes a purchase, receives a product or service, and then claims to the bank that it was fraud to get their money back. This particularly often occurs in the realm of digital goods and subscriptions.
What to expect in 2026?
Specialists from the Banking Processing Center predict that fraudsters will more actively use artificial intelligence: creating voice deepfakes for calls, personalizing phishing emails for each person. Employees of companies will be of particular interest to them — so-called CEO fraud (deception on behalf of management).
Fraudsters will more often hack official brand accounts in messengers and write to customer support on their behalf. Platforms for finding services and performers are also under attack.
The threat will shift towards data theft for tokenization: attackers will more actively install malicious programs on phones to forcibly link someone else's card to their wallet.
The main challenge of 2026 is the combination of high technology and subtle psychological manipulation. Banks and payment systems will have to evaluate not just suspicious transactions, but all customer behavior: which device they log in from, how they usually use their card, and whether someone is trying to control them remotely.