A resident of Dnipro lost over 70,000 hryvnias due to a virtual reality headset, becoming a victim of a new type of fraud.

This type of scheme for stealing money from accounts has been recorded in Ukraine for the first time.

https://vidomo.media/rus/crime/1736438729-poteryala-bolee-70-tysyach-griven-iz-za-shlema-virtualnoy-realnosti-zhitelnitsa-dnepra-stala-zhertvoy-novogo-vida-moshennichestva2025-01-10 07:08:59

A case of fraud occurred in Dnipro involving the use of the Oculus virtual reality service. The victim was the owner of a Porsche Cayenne, who received a substantial insurance payout of over 70,000 hryvnias following a traffic accident. This was reported by "Vydomo," referring to the D1 TV channel.

The money was credited to her account at PrivatBank. That evening, the woman noticed suspicious activity on her account. Initially, she mistook the vibration of her phone for an alert about an air raid, a common occurrence in Ukraine under martial law. However, upon checking the "Privat24" app, she discovered a series of transactions made without her consent.

The fraudsters employed a clever scheme, withdrawing small amounts—$19.99 each—to evade immediate blocking of operations by the bank's security system. This is a classic example of "dropping," a technique where small sums are withdrawn to remain unnoticed until a significant amount is accumulated.

In this instance, 79 transactions of $19.99 totaled nearly $1,500, which is approximately 70,000 hryvnias at the current exchange rate. It was only on the 80th attempt to withdraw money that the woman suspected something was wrong and, contacting PrivatBank's support service, immediately blocked her card.

The investigation revealed that the fraudsters used the Oculus Digital service, associated with the sale and use of Oculus virtual reality headsets. This case, documented by the Kryvyi Rih District Court in Dnipro, became the first registered incident of fraud in Ukraine using such a scheme.

It remains unclear how exactly the fraudsters gained access to the woman's account in Privat24. It is possible that this was a phishing attack—a common scheme where the victim clicks on a phishing link disguised as the bank's website and enters their information on a fake resource.

Another possibility is that the woman's device was infected with malware that secretly captured data, including her login and password for "Privat24."

Regardless, the victim was unable to recover the full amount of money lost to the fraudsters; the bank only partially compensated her losses—27,000 hryvnias according to the rules of the international payment system VISA.