Phishers Target VKontakte Users with Fake Archive Leak Alerts

Phishers Collect VKontakte Passwords Using Fake Archive Leak Warnings

Recently, a phishing campaign has been detected on the VKontakte social network, targeting users in an attempt to steal their account passwords. Attackers inform users that their personal archive is about to be sent to someone else’s email address and urge them to follow a provided link to cancel the operation and change their password.

How the Scam Works

VKontakte users have the option to download an archive containing all the information the social network has collected about them. This archive includes not only public profile data, but also all private messages, uploaded documents, linked phone numbers, payment history, and a list of used bank cards.

Only the account owner can request this archive by logging into their account. However, phishers exploit users’ fear of data leaks, making them forget this fact.

The scam typically unfolds as follows:

  • The user receives an alarming message (via email, push notification, or direct message) stating, “An archive of all your conversations will be created in 24 hours and sent to the email XXX,” where XXX is a random, clearly unfamiliar address.
  • To cancel the creation and transfer of the archive, the user is asked to follow a link to a website whose name includes “vk.”
  • The fake page contains a form for changing the password. If the user enters their information, it is sent directly to the phishers.

One of the phishing sites used in this scheme (vkarchives[.]com) has already been identified and taken down. Access to it via links shared on the social network is now blocked.

Official VKontakte Response

“Attackers can create phishing sites and send spam emails, disguising themselves as popular platforms,” commented Alexander Shvets, Director of User Privacy Protection at VKontakte. “Of course, no one is hacking our servers or accessing our databases. People unwittingly give away their profiles to scammers by clicking on unverified links.

“On average, we send about 10,000 password change warnings per day. We promptly block access from VKontakte to malicious sites. We also recommend not using harmful programs that ask for personal data in exchange for features that VKontakte does not offer, such as viewing hidden photos, seeing page visitors, unlimited gifts, or free votes.”

Regarding this specific case, a VKontakte representative emphasized that it is impossible to download a personal archive without confirmation from a device linked to the account, and the unique download link cannot be opened from another profile. Users concerned about the security of their data can also encrypt their archive using a personal OpenPGP key.

How to Protect Yourself from Phishing

To avoid falling victim to phishing scams, VKontakte users should follow these rules:

  • Do not click on links from unexpected messages, especially those that play on your emotions.
  • Always enter the VKontakte website address manually in your browser or use the official VKontakte app.
  • When following a link, always check the page’s URL in the address bar and never enter your login details on third-party sites.
  • Enable two-factor authentication (2FA) and do not neglect this security option.
  • If you have any doubts about your account’s security, change your password or contact VKontakte support.
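
The URL check from the third rule, as an added example that is not part of the original article: a Python sketch that compares a link's parsed hostname against an allowlist instead of looking for "vk" somewhere in the name. The allowlist `OFFICIAL_DOMAINS`, the function names, and every sample link other than vkarchives[.]com are assumptions constructed for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit

# Assumption: hosts treated as official for this example; set per your own policy.
OFFICIAL_DOMAINS = {"vk.com"}
BRAND_TOKEN = "vk"  # the article notes the phishing site's name includes "vk"


def refang(url: str) -> str:
    """Undo common defanging (hxxp, [.]) so reported links can be parsed."""
    url = url.strip().replace("[.]", ".").replace("(.)", ".")
    if url.lower().startswith("hxxp"):
        url = "http" + url[4:]
    return url


def host_of(url: str) -> Optional[str]:
    """Return the normalized hostname the browser would connect to, or None."""
    url = refang(url)
    if "://" not in url:
        url = "https://" + url
    try:
        host = urlsplit(url).hostname  # ignores any user@ prefix and the port
        if not host:
            return None
        # Punycode non-ASCII labels so homoglyph hosts cannot equal an ASCII entry.
        return host.rstrip(".").lower().encode("idna").decode("ascii")
    except (ValueError, UnicodeError):
        return None


def classify(url: str) -> str:
    """Return 'official', 'lookalike', 'other' or 'invalid' for a link."""
    host = host_of(url)
    if host is None:
        return "invalid"
    if any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS):
        return "official"
    return "lookalike" if BRAND_TOKEN in host else "other"


if __name__ == "__main__":
    samples = [  # constructed, except vkarchives[.]com which the article names
        "https://vk.com/settings", "https://m.vk.com/", "vkarchives[.]com",
        "https://vk.com.example.net/login", "https://vk.com@example.net/",
    ]
    for s in samples:
        print(f"{classify(s):10} {s}")
```

A link is treated as official only when the hostname equals an allowlisted domain or ends with a dot followed by it, so a name that merely starts with or contains the brand is reported as a lookalike.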
