Fraudsters have started imitating the hacking of "Gosuslugi" to steal money

Fraudsters are using a new scheme to deceive citizens using the "Gosuservices" service. Attackers imitate account hacking so that a frightened person transfers money to a "safe account". This was told to "RIA Novosti" on December 24 by the commercial director of SafeTech Daria Verestnikova.

According to the specialist, the first call comes in the messenger WhatsApp (part of Meta, recognized as an extremist organization and banned in the Russian Federation) c nickname "Social Fund" allegedly to make an appointment for pension recalculation, and the victim is asked for a code from MTS ID. Then follows a call allegedly from the portal support with the text: "Someone is trying to steal data, we will help you". In this case, fraudsters, in order to induce trust, offer the victim to record the conversation and contact law enforcement authorities.

"In parallel, there are fake SMS about logging into the personal account of different MFIs, allegedly pooches about transferring money to different banks from MFIs (apparently on approved loans). And when the victim of the attack begins to seriously panic, she is contacted either by the "police" or the "bank", and to protect funds, she herself transfers all her money to a "safe account" or gives a fake "courier from the Central Bank" in cash, "- said Verestnikova.

The expert also pointed out that the fraudsters are not trying to gain access to the account on "Gosuslugi" and take out loans on a person, as proved by checking the credit history. Their main goals are to make the victim panic and put him in a state of affect, so that she does everything at the request of the deceivers.

Millions will lose data: Russians warned of the danger of fake neural networks

Experts told how to distinguish such resources from the original ones

Earlier, on December 23, the Russian vulnerability and data leakage intelligence service DLBI said that fraudsters began to fake reference sites and publish on them fake numbers of support services "Gosuslugi" to gain access to the accounts of portal users. In addition, attackers can send SMS-messages about an allegedly unsuccessful login attempt or even account hacking, in which they prescribe a fake support number.

Earlier, on December 22, Vadim Deryuzhinsky, head of the legal department of Sign.Me, noted in a conversation with Izvestia that the most common cases of fraud in the field of electronic signature (ES) occur not because of flaws in the technology, but because of the violation of basic rules of digital hygiene by users themselves. He said that not only a token, but also a mobile application can be the carrier of an electronic signature, and transferring access to it is also a gross violation of security techniques.