New Year Lottery Scams: Share Your Data, Invite a Friend, and Win a Million

By Ava McKinneyOnline Safety

New Year Lottery Scams: How Cybercriminals Are Targeting Users

Kaspersky Lab has reported a surge in cybercriminal activity using the lure of cash prize lotteries. New Year lotteries are a beloved tradition in Russia, and scammers are eager to take advantage of the season—but with very different intentions.

How the Scam Works

The latest scheme is simple but effective. Criminals, posing as major Russian retailers, send out messages promising a chance to win 500,000 or even 1 million rubles. To participate, users are asked to complete a survey (allegedly to improve store service) and share information about the promotion with their contacts.

The survey questions are straightforward but designed to extract as much personal information as possible. Many people willingly provide these details if told it will help improve service quality.

At the final stage, victims are asked to pay a symbolic fee of one ruble for access to the lottery database. While the amount is small, scammers gain access to banking information, which can be used to steal much more.

Expert Insights

“The problem of online fraud remains highly relevant,” says Tatyana Shcherbakova, Senior Content Analyst at Kaspersky. “Right now, scammers are actively exploiting the upcoming New Year holidays. Counting on users’ lack of attention, they often disguise themselves as well-known brands and promise large cash prizes for simple actions. Scammers may ask for bank card information or request a commission fee supposedly to receive the winnings.”

Fake lotteries have long been a trick used by cybercriminals, and they continue to be effective. This year, researchers from BI.ZONE found 3,200 fake online stores in the Russian internet segment offering visitors a chance to participate in prize draws.

How to Protect Yourself

To minimize risks, users should follow these guidelines:

  • Always verify information about lotteries on the official website of the stated organizer.
  • Do not click on suspicious links in emails, messengers, or social networks, and avoid clicking on ad banners on questionable websites.
  • Carefully check the website address in the browser’s address bar before entering payment information.
  • Use a separate card for online payments—preferably a virtual one—and keep only small amounts on it, with a daily withdrawal limit.

Experts also recommend using security solutions that can block attempts to access phishing and malicious websites.

Leave a Reply