Ukrainians are losing millions to AI scammers: how to avoid falling victim

Voice clones, sophisticated phishing sites and AI bots have become the cybercriminals’ main weapons. We take a look at the most dangerous scams of 2026 and how to protect yourself against them.

by
Maxim Krus
-
0

Over the past year, the Ukrainian digital landscape has faced an unprecedented surge in high-tech crime. Whereas telephone scams and phishing were previously associated with crude texts riddled with grammatical errors, the situation changed dramatically in 2026. The use of generative artificial intelligence (AI), automated scripts and large language models (LLMs) has enabled criminals to turn the deception of citizens into an industrial-scale operation.

According to reports regularly published by Cybercrime Department of the National Police of Ukraine, ...the losses suffered by Ukrainians as a result of cyber fraud amount to hundreds of millions of hryvnias every month. In this wide-ranging investigation, we will dissect the anatomy of new AI scams, demonstrate real-world technical examples of how they are carried out, and teach you how to spot the traps instantly.

The new anatomy of digital fraud: how AI scams work in 2026

Modern cybercriminals They no longer work manually. Instead, they use ready-made software packages. The entire process—from identifying a victim to withdrawing funds—is automated through the integration of neural network APIs into the fraud software.

[User data collection] ➡️ [Generation of personalised AI content] ➡️ [Phishing page / Robocall] ➡️ [Data transfer via JSON] ➡️ [Funds debited]

Scheme 1: Smart phishing and fake government assistance

This is the most widespread threat. Fraudsters are exploiting the current financial crisis and the issue of international grants. They are creating thousands of fake websites that mimic the «Diya» portal, eSupport services, the UN or the Red Cross.

  • How it works technically: The attackers launch Python scripts, which automatically copy the source code from official websites, replacing only the data input forms. Instead of spending ages laying out each page, AI adapts the design to the current news story in seconds (for example, «New payments for IDPs in June 2026»).

  • Data collection: As soon as the victim enters their card number, CVV code or online banking password, this data is packaged into JSON packages and are instantly sent via encrypted WebSockets to the attackers’ server.

Figure 2: Voice cloning and attacks on messaging apps

This scheme hits where it hurts most — people’s emotions and the safety of their loved ones.

  • A real-life example: Fraudsters find a short video or voice message of a person on social media (TikTok, Instagram) – just 5–10 seconds of clear audio is enough. Using specialised AI platforms (such as ElevenLabs or local equivalents), they create a digital voice clone.

  • How the scam works: The victim receives a call from a robot or an operator using this AI voice in real time via a TTS (Text-to-Speech) system. The standard script goes as follows: «Mum, I’m in hospital/at the police station/on the front line; I urgently need money for medicine/repairs; I’ll send you my friend’s card details». Thanks to the perfect match in tone, diction and intonation, the victim has no reason to doubt it.

Figure 3: Intelligent AI Voice Bots

The era of «call centre agents» has officially come to an end. Now, voice-based AI assistants are leading the charge.

  • What is the danger: Unlike humans, the robot never tires; it speaks flawless, literary Ukrainian without the slightest trace of an accent or mixed language, is polite, and defends its demands with ironclad logic.

  • Script: The robot introduces itself as an employee of the Security Service National Bank of Ukraine or your bank. It reports a «suspicious transaction from your account in the city» or an «attempt to reissue your SIM card». The bot does not ask for your password directly — it asks you to «read out the code from the text message for the automated transfer cancellation system». The NBU never deals with private individuals and does not call members of the public.

Technical audit of a scam site: how to spot a fraudulent website using key indicators

Even if fraudsters Even if they use the most advanced AI to replicate the interface, they cannot replicate the network’s overall architecture. There are several tell-tale signs that give the criminals away.

1. Domain name structure and URL slug

Government agencies and banks spend millions on protecting their domains. Fraudsters are forced to buy cheap addresses.

  • Official domains: They always end strictly at .gov.ua (for government bodies) or have a clear, well-known brand (for example, privatbank.ua).

  • Fraudulent domains: They use wordplay (diia-payments.site, privat24-security.top, monobank-help.cc). Please note URL slug — if the website name is followed by a jumble of characters or subdomains, it’s definitely a scam.

2. Technical negligence in the website code

As phishing websites typically remain online for anywhere from a few hours to a few days (until they are blocked by the hosting provider or internet service provider), fraudsters do not bother with SEO optimisation or technical audits.

  • Violation of the heading hierarchy: On pages like these, the heading structure is completely broken. You won’t find a proper hierarchy of headings from H1 to H3 there. Often, the heading tags are missing altogether, and the entire text is formatted as plain paragraphs in bold.

  • Image attributes: Images on fraudulent websites are downloaded from third-party servers or stock image sites; they are not optimised for size, and Alt text (alternative descriptions for search engine bots) are always empty or contain technical clutter.

Comparative analysis: Traditional fraudsters vs AI scammers 2026

To get a clear picture of the scale of the threat, let’s take a look at how cybercriminals’ methods have evolved in recent years.

Comparison criterion Old methods (up to 2024) Modern AI architectures (2026)
Language and communication Mistakes, Russianisms, psychological pressure, mixed language. Flawless Ukrainian, a calm and professional tone.
Scalability A single operator could make 20 to 30 calls a day. AI scripts are simultaneously calling or harassing thousands of people.
Visual similarity between websites Crooked layout, poor-quality logos, noticeable discrepancies. An exact replica thanks to automatic interface cloning.
Voice authentication Attempts to imitate crying or screaming into the phone. A stranger is speaking in your relative’s actual voice.

Cybersecurity checklist: How to protect your money and data

To avoid becoming just another statistic in the Home Office’s figures, incorporate these five basic rules into your daily life:

  1. Protect your SIM card. Fraudsters often try to create a remote duplicate of your SIM card to gain access to mobile banking. Open your mobile operator’s app (Kyivstar, Vodafone or lifecell) and verify your identity using your passport or digital signature (Diya.Signature). This will permanently block the ability for unauthorised persons to reissue your card.

  2. Enter the family password. Agree on a unique «secret word» with your parents, children and loved ones that only you know. If you receive a call and someone, pretending to be your son, asks you to transfer money urgently, simply say: «Say the password». An AI robot won't be able to answer that question.

  3. Check your transactions via the «STOP FRAUD» service. Before entering your card details on any new website, check its address on the Cyber Police website. They maintain a constantly updated database of phishing sites and fraudulent cards.

  4. Use two-factor authentication (2FA). You should have it set up on every account you have: from Google and Telegram to banking apps. Even if fraudsters manage to trick you into revealing your password, they won’t be able to log in without the second factor (the code from the authentication app).

  5. Keep an eye on your Google Search Console account. If you run your own website or online business, check your indexing logs regularly. Fraudsters sometimes try to hack vulnerable websites to create hidden pages (doorways) on their subdomains to redirect users to phishing platforms.

What should you do if your data has already been stolen by fraudsters?

If you realise that you have accidentally entered your details on a suspicious website or transferred the funds:

  • Block your card immediately. Don’t wait for the money to be debited. A single tap in the mobile app or a call to the bank’s helpline will save your money.

  • Please report this to the Cyber Police. You can report a crime directly via the official form on their website. The sooner they receive a link to the phishing site, the sooner they will block it at the level of Ukrainian internet service providers.

  • Please inform your contacts. If hackers have gained access to your Telegram or Facebook account, they will start sending messages to everyone in your contact list. Post a warning on your other social media accounts stating that your account has been hacked.

By 2026, artificial intelligence had become an integral part of our lives, and, unfortunately, the criminal underworld is the quickest to embrace it. Only your personal digital literacy, a cool head and attention to technical details (such as domain names and secure protocols) can ensure reliable protection of your capital in the age of deepfakes.

Support Ukrmedia.news

No related posts

ARTICLES ON THE TOPICMORE FROM THE AUTHOR

WRITE A REPLY

enter your comment!
enter your name here