All data at once: how fraudsters hack into Russians' "Gosuservices"
The Ministry of Internal Affairs has uncovered two schemes that fraudsters use to gain access to Russians' "Gosusluga". Security experts noted that there are actually more scenarios and they are constantly changing. "Izvestia" found out how criminals hack into personal offices on the service, what it threatens Russians and how to protect themselves.
The main schemes
The Ministry of Internal Affairs named two schemes by which fraudsters gain access to the accounts of Russians on the portal "Gosusgoservices". The first of them is associated with the phone number to which the account is linked, and the second - with calls under the guise of telecom operators, said in the press center of the Ministry.
The first scheme is often carried out with the reissue of the number - usually the one that a person has long stopped using, and issued for resale. The number is registered to a new owner, who then changes the password on the portal "Gosuservices", simply by entering a one-time code from SMS. The victim does not suspect anything - access to the application is not blocked when the password is changed.
In another scheme, which is more common, fraudsters use social engineering - they call Russians ostensibly on behalf of a telecom operator, offer to renew the number service contract and ask them to give the code from the SMS. In fact, this code is needed, again, to access a personal account on "Gosusluga".
"Having received the code, the attacker enters the personal cabinet of "Gosuslugi" and changes the password, in the control word hint field writes: "Your account is blocked, call the specified number." In this phrase, the specified phone number will be the number of fraudsters, after a call on which the scheme with the transfer of funds to a "safe account" will be used, - explained in the Ministry of Internal Affairs.
Having gained access to a person's account, criminals can, for example, issue microloans in his name. To do this, they apply to credit bureaus, obtain 2-NDFL certificates and register additional numbers, signing contracts with a specially generated in the application "Goskluch" strengthened unqualified electronic signature.
Arsenal of methods
As Marina Probets, an Internet analyst and expert at Gazinformservice, explains to Izvestia, fraudsters use a whole arsenal of methods to gain access to Russians' Gosusluzh accounts. In addition to the two schemes mentioned above, there are others, such as phishing. Criminals send fake messages imitating notifications from the portal and containing malicious links to fake sites where users enter their logins and passwords.
- Another common way is the use of malicious software that is installed on victims' devices and stealthily steals confidential data, including data for logging in to Gosuservices," the expert says.
At the same time, she adds, fraudsters are constantly improving their schemes, adapting to security measures and changing technologies. For example, fake sites are becoming visually indistinguishable from the real ones - plus fake SSL certificates are used to increase trust. In addition, fraudsters are increasingly using techniques to bypass phishing defenses, such as creating redirect chains or using domains that resemble legitimate domains with minor changes.
Standard schemes related to calls can also occur in different variations, adds Maxim Alexandrov, a software expert at Security Code. In the legends, fraudsters can call themselves not only representatives of the operator, but also employees of the portal itself - offering additional account protection and, again, asking to name the code.
- They can also send to the mail a payment slip for housing and utilities services with a QR code that leads to a fake page of "Gosuslugi", and if the user inserts there his credentials from the portal, the fraudsters will get access to it. This method is relatively new - the surge came at the end of last year, and not only with online "payments", but also with physical ones, which criminals dropped in the mailboxes of citizens, - says Alexandrov.
Ways of defense
Access to "Gosusluga" Russians are interested in fraudsters because of access to a large amount of personal information that is stored in the system. This information, including passport data, TIN, SNILS and bank details, is an extremely valuable resource for committing various crimes: from registration of loans in someone else's name and embezzlement of funds to real estate fraud, using someone else's identity to receive government benefits or benefits, explains analyst Marina Probets.
- Access allows fraudsters not only to obtain the data itself, but also to perform actions on behalf of the victim, which makes it easier to commit a crime and complicates the subsequent investigation. Thus, hacking or deceiving users opens a wide range of opportunities for fraudsters," the expert notes.
Therefore, it is important to protect your account from hacking and check if strangers are accessing your profile. You can do this in the "Security" tab in the application by going to the "System Actions" section. You should also pay attention to unexpected changes in personal data, such as adding new phone numbers, email addresses or bank cards.
- The most common sign of hacking is receiving notification of actions that you have not performed, such as applying for a loan, changing your password, or executing documents, - says Marina Probets.
Protecting your "Gosuslugi" account requires a comprehensive approach. The most effective method is to use a strong and unique password, it should include a long combination of letters (upper and lower case), numbers and symbols. In addition, you should enable two-factor authentication, which adds an extra layer of protection in the form of a code from an SMS or authenticator application. And be careful with suspicious messages - do not follow links from unknown sources and do not open attachments from unknown senders.
- But the main rule is to never share your credentials or codes with anyone. It is also useful to know that from March 1, 2025 in Russia there will be an opportunity to set a self-limit on loans. Thus, fraudsters will not be able to take out loans, even after gaining access to the account, " Maxim Alexandrov concludes.
