Deepfakes, voice cloning and war speculation: how online fraud algorithms have changed in Ukraine

The scale of fraud in Ukraine is impressive, as almost 49 thousand criminal proceedings were officially registered during the year, although the real figure is much higher. However, most of the scams have moved to the online and mobile space. Instead of sophisticated hacking, attackers use psychological pressure, deepfakes and speculation on the topic of war, forcing people to give up access to cards on their own. At the same time, Ukrainians remain defenseless, because law enforcement and banks rarely help, and only 20% of cases reach court. In contrast, in Western countries, responsibility for customer safety and financial losses has long been placed on banks and mobile operators.
Criminal statistics of fraud: why cybercrime is growing, and court sentences remain rare
During 2025, law enforcement agencies entered 48,871 criminal proceedings into the Unified Register of Pre-Trial Investigations under Article 190 of the Criminal Code of Ukraine, which qualifies fraudulent actions. The lion’s share of this array of offenses is generated precisely by the virtual space, which is confirmed by the internal statistics of the National Police, which recorded 26.9 thousand cybercrimes, the essence of most of which boils down to telephone scams and online manipulations.
Despite the obvious scale of the problem, official state reporting still does not single out telephone fraud as an autonomous statistical category. The reference point in this matter is financial institutions and specialized regulators, whose monitoring data on card fraud allow us to assess the real scale of the threat. Banking sector analytics indicate a certain stabilization of the payment card market, where the total number of illegal transactions reached 256 thousand cases, demonstrating a 5% decrease compared to the same period in 2024.
The vector of vulnerability has shifted from technological shortcomings of banking systems directly to the psychology of users, since 80% of online fraud is made possible through direct manipulation of the human factor. Victims during telephone conversations or through inattention on phishing web resources voluntarily transfer confidential information to attackers, including personal data, passwords from SMS messages and CVV codes of payment cards.
The geographical distribution of criminal proceedings demonstrates a high concentration of crime in large cities, where the largest number of incidents was recorded in Kyiv, as well as in Dnipropetrovsk and Kharkiv regions. At the same time, the final effectiveness of combating these offenses remains low, since the proportion of investigated cases that are ultimately referred to courts with indictments is balanced within 18–21%.
Shadow industry of someone else’s grief: three front lines in Ukrainian cyberspace
The main weapon of attackers remains psychological pressure, wrapped in the form of social engineering and phishing, where users are forced to hand over the keys to their accounts. During telephone conversations, scammers skillfully imitate the work of security services of financial institutions, replacing reality with fictional crises, for example, messages about allegedly recorded suspicious transactions. In a state of artificially created panic, victims voluntarily reveal confidential information, in particular CVC codes or one-time confirmation passwords from SMS messages.
At the same time, the financial vulnerability of the population is being exploited through the sending of fake links in messengers, where ordinary theft of personal data is hidden under the guise of material assistance from the United Nations or the state program “EPidtrymka”. A similar mechanism operates on popular trading platforms or in social networks, where pseudo-buyers lure sellers to cloned “secure delivery” pages created solely to empty bank cards.
Criminal algorithms that appeared as a direct consequence of military operations, when empathy, solidarity and basic needs of citizens in times of crisis become the object of manipulation, are particularly cynical. Criminals massively create detailed fake profiles of real servicemen or famous volunteers, directing sincere charitable donations to the army into their own pockets. Against the backdrop of humanitarian disasters, cynical schemes have emerged demanding advance payments for organizing evacuation transport from hot spots or for long-term rental of housing in relatively safe regions of the country. Psychological terror reaches its peak during sudden calls with the terrible news that a loved one has been captured or hospitalized in critical condition, after which grieving relatives are forced to immediately transfer money as a ransom. In addition, the fraudulent market instantly responds to the infrastructure deficit, collecting advance payments for the sale of generators and Starlink terminals that no one is going to supply to buyers.
Digital technologies have opened up an alternative path of enrichment for criminals, associated with the direct interception of control over communication channels and personal accounts of Ukrainians. One of the most dangerous threats remains unauthorized remote reissuance of a SIM card, which allows attackers to take over the financial phone number and freely enter the victim’s mobile banking.
After compromising accounts in Telegram or Viber messengers, attackers launch a fan-like message campaign to all available contacts on behalf of the profile owner with a request to urgently borrow a certain amount of money. At the same time, traps are set for a wider audience in the form of offers of easy passive income, where users are lured into dubious cryptocurrency exchanges or promised a stable income for completing primitive tasks, such as putting likes under videos, which ultimately leads to the loss of their own savings.
It should be noted that the technological leap has allowed crime to attract neural networks to its ranks, which are able to accurately copy human personality. Using short fragments of video or audio that users voluntarily post on social networks, attackers generate voice clones of their closest relatives. During an emergency call, the victim hears the authentic voice of a child or mother, reporting a fictional traffic accident and begging for immediate financial assistance. To enhance the effect of reality, scammers have learned to integrate dynamic digital masks directly into video calls in messengers, broadcasting the face of a familiar person who, due to an allegedly poor connection, asks for rescue and disappears from the screen immediately after achieving the goal.
At the same time, citizens’ need for easy money is actively exploited, which is realized through multi-stage traps with employment in messengers. Organizers offer users a symbolic fee for primitive actions, for example, evaluating hotel rooms, watching videos or promoting goods on well-known trading platforms. To lull the guard and build a false sense of security, employers conscientiously pay the first few hundred hryvnias for completing basic tasks. Having convinced the person of the easy accessibility of profit, he is transferred to closed communication groups, where in order to move to a higher income level they are required to buy a scarce product or make a significant cash deposit. As soon as the transaction amount increases to several thousand hryvnias, the curators instantly break off communication and block the account of the deceived employee.
The traditional areas of logistics and money transfers have also undergone transformations, where fraudsters successfully maneuver between material values and bank accounts. When examining expensive mobile phones in post offices, attackers use tactics to distract the attention of staff, replacing the original device with a cheap mock-up and issuing an official refusal of the parcel.
Another sophisticated mechanism involves a sudden transfer of funds from an unknown sender, who soon calls to tell about an unfortunate mistake in the card number and begs to transfer a similar amount, but to completely different details. In such a combination, the unsuspecting recipient automatically becomes a financial intermediary, or “dropper,” through whose account money stolen from another victim on trading platforms is laundered, which inevitably leads to the card being blocked by law enforcement agencies.
Psychological pressure remains a powerful tool of influence, especially when it is based on romantic hopes or existential fear. By creating attractive profiles of foreigners or military medics on social networks, scammers spend months building trusting relationships with women, promising a future together and expensive gifts. Subsequently, an artificial crisis situation arises, for example, the need to urgently pay customs duties for a delayed parcel or finance an operation after an injury, which forces the victim to give up his last savings.
At the opposite pole of emotions, pseudo-representatives of the State Bureau of Investigation or the Tax Service work, who during aggressive phone calls accuse citizens of hiding income or financing banned organizations. They offer to avoid criminal prosecution and immediately close the case in exchange for transferring a compromising bribe to an anonymous crypto wallet.
The greatest threat to personal capital is the combination of social engineering with mobile banking tools. Attackers send phishing links that visually completely copy the interface of the state portal of electronic services, under the pretext of mandatory verification or updating of personal data. The user is offered to scan a special QR code, which actually transfers complete control over his electronic digital signature to third parties. Possessing this key, cybercriminals gain the legal opportunity to freely authorize themselves in financial institutions and remotely issue numerous microloans at high interest rates in the name of the victim.
Transnational syndicates: how digital scams became the number one crime in the world
Joint studies by the UN, Interpol and the World Bank indicate that digital abuse and financial fraud have finally topped the ranking of the most destructive cross-border crimes of our time. The scale of this expansion is confirmed by the cumulative global losses, which exceed one trillion US dollars every year. At the same time, the key factor in the success of attackers remains the human factor, because more than 70% of all cyberattacks in the world are implemented thanks to social engineering tools, among which manipulative phone calls, targeted SMS phishing and the creation of clones of legitimate Internet resources dominate.
The United States is experiencing an unprecedented level of losses from digital scams, as evidenced by official statistics from the FBI’s Internet Crime Complaint Center, which annually processes from 800 to 850 thousand official statements from affected citizens. Financial losses to American society from the actions of telephone and network manipulators range from 12.5 to 14 billion dollars per year, where the most devastating financial blow is inflicted by the compromise of business correspondence of companies and schemes disguised as crypto investments, although appeals on behalf of pseudo-technical support or tax inspectors are the most widespread.
A similar threatening dynamic can be observed on the opposite side of the Atlantic, where in the United Kingdom the Action Fraud service classifies fraud as the most common offense, covering more than forty percent of all registered crime in the country. Taking into account the hidden cases recorded by the Crime Survey, the British are faced with 3–3.5 million incidents annually, in which the country maintains a sad European leadership in terms of losses from specific authorized push payments, when the victim, under pressure, transfers funds to supposedly safe accounts, which forced the British government to legislate to oblige banking institutions to compensate for such financial losses.
Continental Europe, under the auspices of Europol, is also recording an aggressive increase in the number of phishing campaigns and investment traps, which in total wash out of the pockets of Europeans from 3 to 5 billion euros each year. The example of Germany is particularly illustrative, where the Federal Criminal Police Office registers more than 150 thousand pure cybercrimes each year against the background of the total number of property scams, which exceeds 800 thousand cases. In Germany and France, criminals most often exploit psychological pressure through fake calls from law enforcement officers who threaten elderly people with the loss of their savings, or use WhatsApp messenger to send messages on behalf of children who have allegedly changed their phone numbers and need financial assistance.
At the same time, on the other side of the planet, the Australian agency Scamwatch records annual losses of its citizens at 2.5–3 billion Australian dollars, with more than 60% of all calls falling on mobile communications and text messages, although in terms of financial destructiveness, romance fraud and intricate investment traps hold the lead.
The geography of origin of these threats is clearly transnational, as Interpol analysts identify three main macro-regional industrial hubs where professionally organized structures operate. The first cluster is located in Southeast Asia, particularly in Myanmar, Cambodia, and Laos, where entire closed paramilitary camps operate, where people are held in slave conditions and forced to carry out global crypto-scams and romance scams.
The second vector of activity is concentrated in West Africa, where groups from Nigeria and Ghana traditionally specialize in sophisticated romance scams known as “Nigerian letters” or “military bride” legends, as well as more technically complex corporate email hacks. Instead, South Asia, represented mainly by India, has turned into a global factory for generating fake technical support services for giants such as Microsoft, Apple and Amazon, from where operators massively attack the English-speaking population of the USA, Canada and Great Britain, manipulating the fear of fictional computer viruses or sudden blocking of personal accounts.
The security ecosystem: how automated algorithms of telecoms and banks intercept threats on the sly
The fight against cybercrime and telephone manipulation in the modern digital space has identified two radically opposite vectors: preventive-punitive and systemic-technological. While the Ukrainian strategy relies on rapid response, manual blocking of financial chains and continuous user training, Western countries shift the burden of defense to automated algorithms of telecom operators and hedging financial instruments of the banking sector. Global experience shows that individual vigilance of a citizen loses to the artificial intelligence of attackers if the communication and monitoring architecture itself is not able to cut off threats on the way to a potential victim.
Analysis of domestic experience demonstrates high dynamics in the field of stopping the movement of already stolen capital, although the overall percentage of actual return of funds to victims remains low. The National Bank of Ukraine, together with the State Financial Monitoring Service and the Cyberpolice, have directed key efforts to burn out the infrastructure of the so-called “drops” (pretenders who lease their accounts to criminals for cascading withdrawals – ed.). The introduced strict limits on outgoing P2P transfers and the integrated “Stop Fraud” database allow isolating a compromised card within the entire banking system within minutes after recording a violation.
Along with this, information campaigns like “Scam, goodbye” and verification through the state application “Diya” create a protective barrier, but it completely depends on the psychological resilience of the person himself in a stressful situation. If a user, under the influence of emotions, independently transfers passwords or makes a transaction, domestic financial institutions usually refuse compensation, classifying this as a gross violation of security rules by the client himself, which forces victims to go through a long path through the initiation of criminal proceedings.
A fundamentally different philosophy of protection is practiced in the United Kingdom, where the introduced legislative rule APP Scams Refund has radically changed the balance of liability, obliging banks to compensate for losses from telephone fraud within 5 days. Such financial pressure from the state has forced commercial banks to invest millions in the development of intelligent systems for recognizing anomalous behavior in real time and to introduce technology for confirming all financial transactions. This algorithm automatically checks the real name of the recipient account holder with the data that the attackers dictate to the payer, and forcibly stops the operation in case of a mismatch. Together with the centralized Action Fraud platform, this ecosystem minimizes the human factor, since financial institutions are now keen to intercept the transaction before it is completed, rather than leaving the client alone with the problem.
The American model of struggle shifts the emphasis towards large-scale cyber intelligence and tough forceful suppression of international criminal conglomerates. The joint work of the Federal Bureau of Investigation, in particular its Internet Crime Complaint Center (IC3), and the Federal Trade Commission (FTC) is focused not so much on unraveling minor domestic incidents of individual individuals, but on eliminating foreign call centers and blocking cross-border crypto wallets. US intelligence agencies have unique technical capabilities for tracking anonymous blockchain transactions, which allows them to expose entire networks of scammers, although for the average American, the process of returning a small amount stolen through local phishing remains quite bureaucratic and complicated.
In the European space, the security framework is built around regulatory directives and total technological control of telecommunications networks. The implementation of strict standards of the PSD2 directive and Anti-Spoofing technology at the level of mobile operators has made it possible to practically eliminate the phenomenon of phone number spoofing, when a legitimate bank or police contact is displayed on the smartphone screen. Operators in EU countries use STIR/SHAKEN cryptographic protocols, which automatically verify the authenticity of the origin of the call and instantly disconnect from the scammer before the victim’s phone starts ringing. In addition, the European Account Preservation Order tool within the SEPA zone allows you to instantly freeze the assets of criminals in any country of the union, blocking cross-border money laundering routes.
A comparative analysis of global practices clearly indicates that the systems of the UK and Australia demonstrate the highest viability due to the creation of a continuous cycle of automated countermeasures. In Australia, for example, the state-owned Scamwatch platform does not simply accumulate applications, but uses artificial intelligence to analyze arrays of complaints and automatically sends targeted SMS warnings to residents of those regions where an outbreak of a new fraudulent scheme has been recorded.
Thus, educational work, which remains a dominant element in Ukraine, is unable to restrain the pressure of the criminal world, since modern scammers actively use high-tech tools, including voice and video generation via Deepfake. The highest efficiency is guaranteed only by an approach where protection works proactively: a telecom operator does not miss a fake call, a banking algorithm blocks an atypical night money transfer, and the financial responsibility of institutions forces them to build impeccable protective systems.




