Rambler.ru Email Exploited in Gaming Account Recovery Scams

Severity: Medium (Score: 59.2)

Sources: Cybernews, Bitdefender

Published: 2026-05-27 · Updated: 2026-05-27

Keywords: gaming, accounts, recovery, your, account, rambler, their

Summary

Cybercriminals are targeting gamers through a two-stage recovery scam involving hijacked accounts. Initially, hackers compromise gaming accounts using phishing and other methods, often changing the email to a Rambler.ru address. Weeks later, victims receive unsolicited messages from scammers claiming to help recover their accounts, leveraging knowledge of the stolen credentials. This scam exploits the victims' desperation, as attackers often provide partial truths to appear credible. Many victims report that these scams are linked to Rambler.ru email accounts, which are used for password resets and recovery requests. The attackers may also seek to extort money or gather further sensitive information. Victims are advised to avoid engaging with these scammers and to seek official support for account recovery.

Key Points:

  • Gamers are targeted in a two-stage recovery scam involving hijacked accounts.
  • Scammers use knowledge of stolen credentials to appear credible and exploit victims' desperation.
  • Victims are advised to ignore unsolicited messages and use official support for recovery.

Detailed Analysis

**Impact** Gamers worldwide are targeted, with account takeovers leading to loss of access and financial extortion. The scam affects users of multiple gaming platforms, with attackers exploiting linked Rambler.ru email accounts to maintain control. Victims risk losing not only gaming accounts but also associated email accounts, crypto wallets, and sensitive personal data. The financial impact includes direct extortion payments and potential broader compromise of reused credentials across services.

**Technical Details** Attackers initially compromise accounts via phishing, credential stuffing, malware, or social engineering, then replace the victim's email with a Rambler.ru mailbox or one at a similar Russian email provider such as Mail.ru and Yandex.ru. The second-stage scam involves unsolicited messages on Discord, Telegram, or social media offering account recovery, leveraging partial truths such as known credentials and purchase history. Attackers retain control through linked emails, trusted devices, OAuth tokens, or active sessions. No specific malware names, CVEs, or IOCs were provided.

**Recommended Response** Users should ignore unsolicited recovery offers and avoid interacting with unknown contacts claiming to help recover accounts. Defenders should monitor for account email changes to suspicious domains like Rambler.ru and alert users to potential takeovers. Recovery attempts should be conducted only through official support channels. Organizations should enforce multi-factor authentication and monitor for unusual OAuth or session token activity.
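One way a platform could implement the email-change monitoring recommended above, as an added example that is not taken from Bitdefender, Cybernews or any platform's code. The event schema, the event type names and the 24-hour correlation window are assumptions; the watched domains are the three named on this page.

```python
import json
from datetime import datetime, timedelta

# Domains named on this page; a real deployment maintains its own watchlist.
WATCHED = {"rambler.ru", "mail.ru", "yandex.ru"}
WINDOW = timedelta(hours=24)                      # assumed correlation window
PRECURSORS = {"new_device_login", "oauth_grant"}  # hypothetical event types

def domain_of(addr):
    """Lower-cased domain part of an address, without a trailing dot."""
    return addr.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def is_watched(domain):
    """True for a watched domain or any subdomain of one."""
    return any(domain == d or domain.endswith("." + d) for d in WATCHED)

def detect(lines):
    """Alert on email changes that move an account to a watched domain."""
    events = [json.loads(l) for l in lines if l.strip()]
    for e in events:
        e["when"] = datetime.fromisoformat(e["ts"])
    events.sort(key=lambda e: e["when"])  # logs may arrive out of order
    recent, alerts = {}, []
    for e in events:
        if e["type"] in PRECURSORS:
            recent.setdefault(e["account"], []).append(e)
        elif e["type"] == "email_changed" and is_watched(domain_of(e["new_email"])):
            # Precursor activity shortly before the change raises severity.
            hits = sorted({p["type"] for p in recent.get(e["account"], [])
                           if e["when"] - p["when"] <= WINDOW})
            alerts.append({"account": e["account"],
                           "old_domain": domain_of(e["old_email"]),
                           "new_domain": domain_of(e["new_email"]),
                           "severity": "high" if hits else "medium",
                           "precursors": hits})
    return alerts

# Constructed sample audit log (JSON lines, hypothetical schema); not real data.
SAMPLE = """
{"ts":"2026-05-01T10:00:00","account":"a1","type":"new_device_login"}
{"ts":"2026-05-01T10:20:00","account":"a1","type":"email_changed","old_email":"kim@example.com","new_email":"x9@Rambler.RU"}
{"ts":"2026-05-02T08:00:00","account":"b2","type":"email_changed","old_email":"lee@example.com","new_email":"lee@example.org"}
{"ts":"2026-05-03T09:00:00","account":"c3","type":"email_changed","old_email":"sam@example.net","new_email":"q@mail.yandex.ru"}
{"ts":"2026-04-20T09:00:00","account":"c3","type":"oauth_grant"}
"""

if __name__ == "__main__":
    for alert in detect(SAMPLE.splitlines()):
        print(alert)
```

Legitimate users of these providers will also trigger the medium alert, so it suits a user notification or a hold on the change rather than an automatic lockout.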

Source articles (2)

  • 'I found your hacked account': inside the Rambler.ru recovery scam — Bitdefender · 2026-05-26
    Your gaming account is suddenly hijacked. The emailer changes the email address to a Rambler.ru mailbox. Support requests go nowhere. A while later, perhaps weeks, a stranger appears on Discord or som…
  • Stolen gaming accounts abused in second-stage recovery scams — Cybernews · 2026-05-27
    Victims who had their gaming accounts hijacked are receiving unsolicited Telegram or Discord messages from scammers claiming to have their login credentials and offering help. But it's a trap – gamers…

Timeline

  • Recent — Gamers report recovery scams: Victims of gaming account hijacking receive unsolicited messages from scammers claiming to help recover their accounts.
  • Recent — Attackers exploit Rambler.ru email: Cybercriminals change victims' email addresses to Rambler.ru, using it for account recovery and extortion.

Related entities

  • Credential Stuffing (Attack Type)
  • Malware (Attack Type)
  • Phishing (Attack Type)
  • mail.ru (Domain)
  • rambler.ru (Domain)
  • yandex.ru (Domain)
  • T1110 - Brute Force (Mitre Attack)
  • T1566 - Phishing (Mitre Attack)
  • Discord (Platform)
  • Steam (Platform)
  • Telegram (Platform)