As the holiday season kicked off in late 2025, cybersecurity experts spotted a sharp rise in scams exploiting fake advent calendars online. Russian users were lured by promises of guaranteed prizes, only to have their personal data and money stolen through clever social media ploys on platforms like TikTok and Telegram.
The scam unfolded in multiple stages: fraudsters posted enticing videos urging viewers to follow links in comments or profiles for an exclusive offer. These links led to counterfeit websites designed to look like official retailer pages, inviting victims to open advent calendar slots and claim rewards. To receive their “prizes,” users had to interact with Telegram bots that harvested personal information and pushed subscriptions or payments that lined the scammers’ pockets.
According to Russian companies Zolotoe Yabloko and F6, between late November 2025 and mid-January 2026, at least 12 fake sites, over 220 TikTok videos, and more than 20 Telegram channels and bots were identified and shut down as part of this scheme. The spike in attacks coincided with the festive season, when users are more susceptible to promotional giveaways and contests.
How fake advent calendar scams operate
At the heart of this scam is a well-known psychological trick: the allure of easy, guaranteed rewards. Scammers create fake or hijacked TikTok accounts to push videos urging participation in “exclusive” prize events. Clicking the links directs users to fraudulent websites nearly indistinguishable from the real retailer’s pages, where Telegram bots take over. These bots gather personal data, coax victims into subscribing to paid services, and sometimes even initiate financial transactions – all woven into a single deceptive funnel that hijacks users’ trust in familiar brands.
While holiday-themed social engineering attacks are nothing new, criminals constantly refine their tactics. They now use complex redirect routes and multiple platforms simultaneously to evade detection and blocking. Only real-time monitoring and swift action by cybersecurity teams, as demonstrated during the advent calendar scam wave, can stop these frauds before users face serious losses.
Tips to avoid falling for fake advent calendar scams
- Never click links in comments or private messages from unknown accounts or Telegram bots.
- Verify contests and promotions exclusively through official websites and verified brand social media profiles.
- Be cautious of accounts claiming to be employees offering “special discounts” accessible only via a provided link.
- If an offer is “free” but comes with pressure to act quickly, it’s likely a manipulation tactic favoring scammers.
These precautions remain the best defense against social engineering schemes, which cybercriminals tweak to follow every new online trend. In 2025, social networks became a hotbed for advent calendar scams, but similar ruses could resurface disguised in fresh, trendy formats, targeting unsuspecting users once again.
Globally, tech giants like Apple, Google, and Samsung have also battled phishing scams leveraging seasonal promotions, but the scale and sophistication of localized schemes on platforms popular in Russia add a different layer of challenge. This case underscores the ongoing arms race between fraudsters innovating social engineering tactics and defenders ramping up their detection and user education efforts nationwide.
Looking ahead, expect scammers to increasingly blend multiple platforms and real-time interaction tools like chatbots to build more convincing narratives. The key question is whether security teams worldwide can keep pace with these evolving threats without fatiguing users with constant warnings. The 2025 advent calendar fraud wave serves as a reminder: festive season giveaways can come with a hidden cost.

