{"id":30772,"date":"2026-06-01T12:33:21","date_gmt":"2026-06-01T07:03:21","guid":{"rendered":"https:\/\/www.kaspersky.co.in\/blog\/the-great-messaging-heist\/30772\/"},"modified":"2026-06-01T12:33:38","modified_gmt":"2026-06-01T07:03:38","slug":"the-great-messaging-heist","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.in\/blog\/the-great-messaging-heist\/30772\/","title":{"rendered":"The great messaging heist targeting your wallet"},"content":{"rendered":"

It starts with the familiar: a short message, a trusted name, a routine tone. Delivery updates, work pings, brand alerts hum in the background, rarely attracting scrutiny. You check, you answer\u2026 \u2014 until minutes later you\u2019ve slipped into a trap built to lower your guard and hijack your trust.<\/p>\n

That\u2019s why messaging scams cut deep: they exploit everyday habits where instinct, not caution, leads. Communication once moved slowly, leaving room for doubt. Now it\u2019s instant \u2014 and that speed is a weapon in criminal hands.<\/p>\n

On our blog, we\u2019ve already examined numerous scam schemes in messaging apps \u2014 from pig butchering<\/a>, where the victim is groomed for a very long time, or catfishing<\/a>, where the scammer creates a fake identity, to phishing via chatbots<\/a> or through gift-giving campaigns<\/a> in messaging apps.<\/p>\n

Now, for the first time, Kaspersky has set out to capture the full end-to-end reality of messaging-based scams to understand how quickly harm occurs, how they impact trust and what remains after the interaction ends. What emerges is a highly organized and industrialized scam ecosystem embedded within everyday messaging channels such as SMS, WhatsApp, and email.<\/p>\n

Kaspersky experts have prepared a report on targeted scams in messaging apps, detailing not only the financial but also the emotional damage caused by such attacks, as well as providing tips on how to protect yourself and avoid them. In this post, we explore the most interesting facts, but you can find more details in the full report<\/a>.<\/p>\n

The damage is underestimated<\/h2>\n

How much do you think a single successful attack via a messaging app costs the average victim? Ten dollars? Or maybe 50? You\u2019re underestimating the scammers. Although more than a third (36%) of victims incur losses of less than $135, on average a victim loses\u2026 $733!<\/p>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
Country<\/strong><\/td>\nAverage loss per victim<\/strong><\/td>\n<\/tr>\n
Senegal<\/td>\n$392.94<\/td>\n<\/tr>\n
Serbia<\/td>\n$493.32<\/td>\n<\/tr>\n
Morocco<\/td>\n$504.28<\/td>\n<\/tr>\n
Greece<\/td>\n$609.32<\/td>\n<\/tr>\n
United Kingdom<\/td>\n$617.38<\/td>\n<\/tr>\n
C\u00f4te d\u2019Ivoire<\/td>\n$654.11<\/td>\n<\/tr>\n
Spain<\/td>\n$672.67<\/td>\n<\/tr>\n
United States<\/td>\n$724.73<\/td>\n<\/tr>\n
Portugal<\/td>\n$868.20<\/td>\n<\/tr>\n
Italy<\/td>\n$896.02<\/td>\n<\/tr>\n
France<\/td>\n$1,193.58<\/td>\n<\/tr>\n
Germany<\/td>\n$1,369.35<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
\n

The average amount lost by a victim in a successful attack via a messaging app<\/p>\n<\/div>\n

On the one hand, the financial hit doesn\u2019t look catastrophic in isolation. These are micro-losses by design. Small enough that some never report them to the police. Small enough that banks don\u2019t always investigate. Small enough to be dismissed as bad luck rather than organized crime.<\/p>\n

But $733 is not nothing. It\u2019s enough to cover a month\u2019s worth of groceries, school or daycare fees, or utility bills. Against the backdrop of the global cost-of-living crisis, a single such loss can seriously dent a family\u2019s budget.<\/p>\n

In 11% of cases, losses exceed $1,350, and more than a quarter of victims (28%) report having been scammed three or more times in the past six months. Once scammers discover that a phone number responds, that contact becomes an asset, circulating from one database to another.<\/p>\n

Now imagine the scale of the problem: if just 10% of the three billion messaging\u2011app users worldwide fell victim with the average loss, the total damage would amount to\u2026 nearly $220 billion! This is comparable to the GDP of Greece, and exceeds that of Morocco, Serbia, or C\u00f4te d\u2019Ivoire.<\/p>\n

It becomes clear that behind the daily flood of fraudulent schemes lie large scam cartels operating on an industrial scale, using AI to personalize messages that mimic those of family members, friends, and familiar brands. This, in essence, forms the basis of a full-fledged economy built on digital identity theft.<\/p>\n

\"Scam<\/a><\/p>\n

Speed beats scrutiny<\/h2>\n

More than half of successful messaging scams (52%) unfold in under 30 minutes\u00a0\u2014 from first contact to the moment money or personal data changes hands\u00a0\u2014 or even faster, before the victim begins to doubt the legitimacy of the sender. In fact, one in seven scams takes less than five minutes\u00a0\u2014 quicker than boiling an egg!<\/p>\n

The speed isn\u2019t accidental. It\u2019s the method. Scammers structure their schemes to deny the victim a chance to come to their senses. Every element is engineered to compress the decision-making window: the urgency of the scenario, the familiarity of the format, the plausibility of the request.<\/p>\n

They rush you \u2014 faster, faster, don\u2019t tell anyone, you only have a few minutes, solve the problem, don\u2019t ask questions. Click the link, fill in the details, approve the transaction, or else\u2026 Or else what? The scammers\u2019 imagination knows no bounds here, but if you don\u2019t do something right now<\/em>, you\u2019ll definitely regret it.<\/p>\n

Alas, the realization of what has happened usually comes when the damage is already irreversible. More than half of victims (51%) lose money; another 43% hand over their personal data\u00a0\u2014 most commonly phone numbers, names, and email addresses\u00a0\u2014 to scammers, and often the victim loses both.<\/p>\n

Where and how attacks occur<\/h2>\n

A delivery notification, a bank alert, a message from a merchant you ordered from last week \u2014 messaging apps permeate every aspect of everyday life, making such interactions completely normal. An attack shouldn\u2019t feel like an attack. It should feel like the same message you\u2019ve received hundreds of times.<\/p>\n

It\u2019s no surprise that scammers focus their attention on this method of communication first and foremost. The most popular platforms for scams are predictable: WhatsApp (43%), SMS\/iMessage (40%), Facebook (27%), Telegram (22%), and Instagram (19%)\u00a0\u2014 these are the ones that people trust most.<\/p>\n

A wide variety of schemes is used. Brand impersonation is now one of the three most common types of messaging scam worldwide \u2014 accounting for 31% of cases. Fake delivery notifications top the list at 38%, followed by investment scams at 37%.<\/p>\n

At the same time, nearly two-thirds (63%) of fraudulent schemes span multiple platforms, moving from SMS to WhatsApp, from WhatsApp to Telegram, etc. In this way, scammers achieve two goals: they mimic organic messaging and evade moderation algorithms.<\/p>\n

AI has taken scams to a new level<\/h2>\n

Just a couple of years ago, fraudulent messages gave themselves away with bad grammar, awkward phrasing, illogical requests, and an obsessive sense of urgency. Today, a phishing message looks, sounds, and reads just like the real thing.<\/p>\n

Scam cartels want to catch people in motion\u00a0\u2014 between meetings, on a commute, or during everyday tasks\u00a0\u2014 when your attention is already fragmented. They mimic your mother\u2019s turn of phrase. They match your bank\u2019s tone of voice. They copy your courier\u2019s format exactly. They mirror the rhythm, structure, and style of authentic brand communications across messaging platforms. And AI is accelerating all of it.<\/p>\n

What this creates is overlap. Legitimate and fraudulent messages appear in the same environment, using the same formats, language, and triggers. The difference between them is no longer obvious.<\/p>\n

The data shows that two-thirds of victims (66%) believe AI was used in the scam against them, 42% cite messages written by AI, 31% report generated or cloned voices, and 25% encountered deepfake images or videos.<\/p>\n

That\u2019s why mere awareness and \u201ctech-savviness\u201d may no longer be enough to protect oneself. From Gen Z to Gen X, messaging scams cut across every generation.<\/p>\n

And what about the emotional toll?<\/h2>\n

But money is far from the only problem a victim is left with after an attack. After what they\u2019ve been through, people develop distrust toward incoming messages, unfamiliar numbers, and any requests for action. As a result, 99% of fraud victims say they no longer trust incoming notifications in messaging apps.<\/p>\n

This creates a crisis of trust in all digital channels in general. Every legitimate message can now be perceived as a scam. Brands, banks, and delivery services are forced to operate in an environment where the customer is, by default, in a state of distrust.<\/p>\n

Dr. Elizabeth Carter, a forensic linguist and criminologist at Kingston University in London, notes that scammers use familiar contexts, common social settings and embedded linguistic norms to create the illusion for the victim that their decision-making is rational and reasonable in the moment. However, what is actually happening is that they construct false realities in which those decisions end up causing financial and psychological harm. She also notes that it is very hard to identify a false reality while you are in it.<\/p>\n

After realizing they had been deceived, more than half of victims felt anger\u00a0\u2014 the kind that comes from having trusted something and discovering it was used against you. 42% of victims report frustration, 38% \u2014 feeling upset. Moreover, several months later, these feelings haven\u2019t gone away: nearly half of all victims (48%) are still angry, a third (33%) remain frustrated, and 30% are upset.<\/p>\n

And nearly one in 10 victims don\u2019t tell anyone what happened. They feel shame, a sense of having fallen for something so obvious. This leaves a significant portion of the actual damage unreported: only 24% of victims contact the police, and only 23% report it to their bank.<\/p>\n

\"Messaging<\/a><\/p>\n

So what can be done?<\/h2>\n

The crisis of trust \u2014 and even a touch of paranoia \u2014 that has arisen due to widespread attacks on users can linger in victims\u2019 minds for a long time, affecting their quality of life. To prevent this, follow these guidelines:<\/p>\n