General security and wallet protection
The best protection is awareness and caution.
In these articles, we'll explain how to protect yourself, your data, and your money from fraudsters.
If you receive a call from an unknown number, it's better not to answer right away and first check who is calling. Never answer if your phone flags the call as spam. Most likely it really is spam or a scam attempt.
Even if a phone number looks similar to an official number of a bank, prosecutor's office, or online store, it could still be scammers:
difference can be just one digit which is easy to miss
phone number you see on your phone screen can be faked
Hang up the phone and check the number online. If you believe the call might have been legitimate, call back using the company's official number.
If someone calls you claiming to be from the bank and asks for any information (passwords, security words, codes), they are scammers. Their goal is to trick you into giving away your data and steal your money.
Hang up the call, check the official bank number, and call it yourself. Don't call back through your call history, always enter the number manually.
Never share the following data with anyone:
codes from text messages or notifications
full card number
card's expiration date
CVC and CVV codes
card's PIN
If anyone asks for your passport details, first make sure you understand why.
Scammers often trick people into sharing their information under the pretext of sending a package or transferring money. If you give them your details, you won't receive what was promised. Instead, a loan or microloan could be taken out in your name.
For a real package or transfer, the sender doesn't need your passport details.
If someone you know messages you asking for urgent money, make sure it's really this person.
Contact your friend through another channel and ask something only they would know. If you have their real phone number, call it, but not the one sent to you along with a suspicious request, as it may belong to a scammer.
If you're using someone else's computer, make sure the browser doesn't save your information.
Never enter passwords or payment details on someone else's device. If you must, use an incognito mode.
If your phone number is published online, it's an easy target for fraudsters.
Try not to share your personal phone number on social networks, and hide it in messenger apps.
If you publish an ad, get a "virtual number" from your carrier. It doesn't require a SIM card, calls will be received as usual, and the main number will remain safe.
Use strong passwords and update them at least once every six months.
Use complex combinations: uppercase and lowercase letters, numbers, and special characters. This makes your password harder to guess. Don't use common passwords and don't create them based on personal details such as your last name, pet's name, or names of close relatives. Don't write your password down, it's better to store it in a secure password manager or memorize it.
Always double check the address of the website you're using.
Fraudsters often change or add just a single letter which is easy to miss. You think you're entering data on the official website, but the scammer gets everything you typed in.
Our official website address always starts with https://yoomoney.ru/.
There're also additional addresses:
https://promo.yoomoney.ru
https://yookassa.ru
https://yoobusiness.ru
https://jobs.yoomoney.ru
https://events.yoomoney.ru
It's a fake, if you see as follows:
the address starts with http without s
at least one letter is different, for example, http://yoomonay.ru/
The YooMoney app can be downloaded:
from the official app stores: AppGallery, RuStore, Samsung Galaxy Store, Xiaomi Store, or Sber App Catalog
on our official website: https://promo.yoomoney.ru/app
Don't install apps from unofficial sources.
If you receive a link to a website or app in an email or text message, check the sender first:
our email address (the address, not the name) always contains @yoomoney.ru.
text messages are sent on behalf of YooMoney or from the number 1960
If you see anything different, it's a fake: don't click on any links and delete this email or text message.
Why fake websites and apps are dangerous. All data you enter: login, password, payment details, and other information will go directly into the hands of fraudsters. They'll use it to steal your money, while such a website may also contain viruses.
The main rule: keep your card details secret, and never enter your card's PIN on any website.
Never share your card details with strangers: card number, expiration date, CVV/CVC code, or PIN. Bank employees will never ask for this information. The support service may only request part of the card number: the first six and last four digits.
Online payments
Select online stores that have addresses starting with https (not http). This indicates a secure connection.
If you don't receive one-time passwords for payment confirmation (3-D Secure), ask your bank to enable this feature. Learn more about card payment protection
Before making a payment, check the website address. If it differs from the official one by even a single character, it's a fraudulent website. Their goal is to steal your personal data, passwords, and card details in order to take your money. Don't enter any data on such a website and close the page immediately.
Make purchases only using your own computer or smartphone. If you pay from another device, enable an incognito mode in your browser so that your payment details aren't saved.
Online payments don't require entering your card's PIN, instead you use the CVC or CVV code. If someone asks for your PIN, they are scammers trying to steal your information and your money.
Offline payments: in stores, cafes, and at public transport
If a store, terminal, or payment point looks suspicious, don't make a payment there.
Never hand your card to a cashier, waiter, or conductor as someone could take a photo of it and use the details to steal your money.
If you're told that the payment didn't go through, always ask for a receipt. Check that it actually says the transaction was declined. If it turns out the payment did go through, you won't be able to resolve the issue without the receipt.
ATMs
Choose safe points: bank branches, large shopping centers, or government offices. These places have cameras and monitored ATMs, so everything is more likely to work properly.
Don't use an ATM if it has visible damage, if the card slot or keypad looks unusual, or if it keeps restarting or responds very slowly. It may contain a skimming device that can steal your card details and allow fraudsters to withdraw your money.
If an ATM doesn't accept your card, don't use it as it's out of order. Never force your card in because the ATM may keep it.
Before entering your PIN, make sure no strangers are nearby and cover the keypad with your hand.
Before leaving the ATM, make sure you have taken your cash, card, and receipt.
If an ATM doesn't return your card, you must block it immediately. Even if the card is later returned to you, it can't be used as someone may have copied its data. If it's a YooMoney card, then block it on the website or in the app. Or call us right away: 8 800 700-22-99, 8 800 250-66-99, or +7 495 197-86-86.
The first thing to do is call us and be ready to provide your wallet number. The Support Service will take the necessary measures and tell you what to do next.
Our contacts: 8 800 700-22-99, 8 800 250-66-99, or +7 495 197-86-86.
What else you should do
Contact your mobile carrier to restore your SIM card. If that's not possible, ask them to block it. As long as the lost SIM card is active, anyone can use the services linked to your phone number, change your passwords, or confirm money transfers.
If your phone screen wasn't locked, enable the lock or delete the phone data remotely:
For iOS phones
For Android phonesBlock or close all bank cards linked to the services and apps on your smartphone. Some apps, like taxi services, can charge your card without additional confirmation. As long as the card is active, anyone could make orders and payments on your behalf. YooMoney cards can be closed in your wallet. To do this, you'll need to confirm the action with a text message. If you can't close the cards independently, contact the Support Service.
If you bought a new SIM card
Be sure to update your phone number:
— in your wallet settings (assistance of the Support Service may be required)
— in all important accounts: online banking, social networks, email box, and other services.Change your passwords for email box, social networks, and other important services linked to the lost phone number. Otherwise, someone could have gained access to them via text messages. Accounts you logged into from your smartphone are also at risk, since the password might have been saved on the lost device.
By default, YooMoney sends free email notifications about every payment, transfer, or change to your account. Make sure you haven't disabled notifications, and check the email address you provided. Regularly check your email box.
You can also enable notifications via text messages: 99 RUB per month or 699 RUB per year. Messages come from YooMoney or from the number 1960 to the phone number linked to your wallet.
If you receive a notification about a wallet transaction that you didn't make, contact the Support Service immediately. By law, your money can be returned if:
you're an identified user
theft was reported no later than 24 hours after the money was debited
verification confirmed that the wallet was hacked
You've really received an email from YooMoney if:
sender's email (the address, not the name) must contain @yoomoney.ru
all links and buttons in our emails lead to the official YooMoney website, and the browser address bar shows "https" or a padlock icon
email doesn't ask you to provide a password or any other payment details
You received a text message from YooMoney if it comes from YooMoney or from the number 1960.
If you receive a fraudulent message pretending to be from YooMoney, you can and should report it to the Support Service.
Viruses vary in their level of danger. Some only take up space on your computer, others cause system failures. The most dangerous ones steal personal data from your device.
If your computer is infected with this type of virus, it only takes entering your password once. The program will remember it and gain access to your account.
How to protect yourself:
Always use licensed antivirus software on all your devices and keep it up to date.
Download files of any format only after checking them for viruses.
Set up a firewall that blocks attempts to gain access to your computer.
In your browser settings, enable the pop-up blocker and phishing filter. If you're using Yandex Browser, you're fine as it has these settings enabled by default. Instructions for other browsers: Chrome, Microsoft Edge, Safari
Don't install remote access software at someone else's request. The most common ones include: TeamViewer, AnyDesk, RMS, RDP, Ammy Admin, but there are others as well.
YooMoney wallets are created only for personal use. They must not be used for business activities, payments to private crypto exchangers, illegal lenders, investment intermediaries, or similar operations. Doing so violates Russian law and the YooMoney service agreement.
Why you shouldn't transfer money for such services:
this may be related to illegal activity
you may not be able to get your money back in disputed situations
transfers to illegal organizations may result in your wallet being blocked or other unpleasant consequences
If you're unsure about the legitimacy of a transaction, don't transfer any money.
Use your wallet only for legal purposes as this will ensure your safety.