Beware of Scams: Fraudsters Follow Lithuania's Payment Calendar
Translated from Lithuanian, summarized and contextualized by DistantNews.
At a glance
- Scammers in Lithuania follow a calendar of state payments, impersonating institutions like the Tax Inspectorate when refunds are expected or mimicking messages about benefits.
- "Bitฤ Lietuva" blocked over 300,000 scam SMS messages and nearly 4 million scam calls in the first half of the year, averaging over 20,000 blocked attempts daily.
- While technology helps, individuals must remain vigilant, as scammers constantly adapt their methods to bypass security systems.
Lithuanians are being warned to exercise extreme caution with SMS messages, emails, and calls claiming to be about benefits or requiring data updates, as scammers strategically target people around payment schedules. "Scammers rarely act randomly โ they follow the state's calendar," explained Eligijus Rakickas, head of the Private Clients segment at "Bitฤ Lietuva."
Scammers rarely act randomly โ they follow the state's calendar. When residents await tax refunds, they impersonate the State Tax Inspectorate. When benefits or compensation payments begin, messages appear about supposedly suspended payments, the need to confirm bank details, or log into state systems.
Rakickas noted that when citizens anticipate tax refunds, fraudsters pose as the State Tax Inspectorate (VMI). Similarly, during benefit payout periods, messages appear alleging payment suspensions or demanding bank data verification. "Bitฤ Lietuva" has been actively combating these threats, blocking over 300,000 scam SMS messages and nearly 4 million scam calls in the first half of 2026. On average, the company blocks more than 20,000 scam attempts daily aimed at reaching Lithuanian residents.
Most often, we currently record attempts to impersonate the State Tax Inspectorate, "Mano VMI," electronic government gateways, and the police. However, scammers' scenarios are constantly changing โ they exploit every opportunity when people expect to receive an important message or money.
Common impersonations include the VMI, "Mano VMI," e-government portals, and the police. Scammers frequently use slightly altered website links, differing by just one letter or domain ending, to trick users who recognize familiar logos or institution names. Rakickas highlighted that scammers' activity peaks on weekdays, decreasing on weekends, suggesting they plan their operations to coincide with times people expect official communications.
People first see a familiar logo or institution name โ because of this, they often don't check the links. Instead of VMI, it might say VML, instead of "ePaslaugos" โ "ePasIaugos," and instead of .lt, another internet address ending is used. Not everyone notices such small differences.
Despite technological defenses, the fight against remote scammers is ongoing. "Bitฤ" continuously develops new solutions, but scammers adapt, creating a constant "cat and mouse game." Ultimately, personal vigilance is key. If someone clicks a fraudulent link or divulges sensitive information, insurance against electronic fraud may offer some financial recourse for money lost from bank accounts or through compromised payment cards.
The fight against remote scammers is an ongoing process. We use existing market solutions and develop new ones, but we still notice that as soon as scammers realize their "campaign" is no longer reaching "Bitฤ" customers, they look for other ways to bypass security systems. It's a constant cat and mouse game.
Originally published by Delfi in Lithuanian. Translated, summarized, and contextualized by our editorial team with added local perspective. Read our editorial standards.