Educational interest: how schoolchildren's accounts on "Gosusluga" attract fraudsters

Schoolchildren's accounts on "Gosuslugi" may be in the crosshairs of fraudsters, experts have warned. The hacked accounts of teenagers may become a tool for attacks on their families and be used in other schemes of attackers. Details on why schoolchildren's accounts on "Gosuslugi" attract fraudsters, how dangerous it is and how to protect themselves from such threats, read in the material "Izvestia".

Why schoolchildren's accounts on "Gosuslugi" are interesting to fraudsters

Recently, fraudsters are increasingly paying attention to children and teenagers - potential victims who are most vulnerable to various crimes, says Natalia Lylova, a researcher at the Neimark cybersecurity center, in a conversation with Izvestia.

- Children are well versed in modern technologies, but they lack the life experience and knowledge to recognize criminals and not to do what the attackers ask them to do," the expert explains. - In addition, children are more easily manipulated and more susceptible to intimidation.

Photo: Izvestia/Anna Selina

From the age of 14, immediately after receiving a passport, schoolchildren can create a full account on "Gosuslugi" with access to personal data and bank cards. At the same time, they are not yet able to think critically and evaluate requests from criminals, says Natalia Lylova. All this makes them attractive targets for fraudsters.

Internet analyst and expert at Gazinformservice Marina Probets adds that with the help of schoolchildren's accounts on "Gosuslugi", attackers can gain access to personal data of the child and his parents, which is then used for phishing, blackmail or other fraudulent schemes.

Photo: Izvestia/Eduard Kornienko

In addition, compromised children's accounts can become part of a botnet for DDoS attacks or spam distribution. Finally, the very fact of having access to a government portal gives fraudsters the illusion of legitimacy and can help them manipulate victims, the expert notes.

All data at once: how fraudsters hack into Russians' "Gosuservices"

After the attack, the criminals take out loans in the names of the victims

How schoolchildren's accounts on "Gosuslugi" can be hijacked

The specificity of "hijacking" schoolchildren's accounts on "Gosuslugi" lies in the combination of technical simplicity of hacking with the psychological vulnerability of children, says Marina Probets. Fraudsters rarely use sophisticated hacking tools, preferring social engineering: deception, intimidation and manipulation.

- Schoolchildren, as a rule, are less aware of the rules of digital security and more gullible than adults," says the Izvestia interlocutor. - The pretext of "checking their grades" or addressing them on behalf of the head teacher effectively removes suspicion and encourages the child to disclose confidential information such as access codes.

Photo: Izvestia/Mitriy Korotayev

Attackers can call the young victim both on behalf of school representatives and on behalf of a cellular operator or bank, Natalia Lylova adds. Thus, according to Marina Probets, the specificity of hacking school accounts on "Gosuslugi" is not in the technical complexity, but in the exploitation of children's naivety and lack of digital literacy.

Alexander Vurasko, development director of the Solar Aura (Solar Group of Companies) external digital threat monitoring center, notes that hacked schoolchildren's accounts can be used by attackers for a variety of purposes. Together with access to the account, fraudsters receive a pool of personal data, can authorize through this account in third-party services and so on. At the same time, logins, passwords and other personal data of "Gosuslugi" users are reliably protected around the clock, and the portal itself has not been subjected to leaks before.

- That is why attackers are trying to influence users of different ages, using the human factor as the only way to gain access to the data of victims, - emphasizes Alexander Vurasko.

How fraudsters use schoolchildren's accounts on "Gosuslugi".

At first glance, it may seem that the accounts of schoolchildren may not be of particular interest to attackers: most of the owners of such accounts are underage citizens, and even having obtained their passport data, fraudsters will not be able to issue a loan or SIM-card.

- However, account hijacking is only the first stage of an attack," says Konstantin Gorbunov, an expert on network threats and web developer at Security Code. - Usually, after losing access, the user starts receiving SMS allegedly from the security service of "Gosuslugi".

Photo: Izvestia/Pavel Volkov

Inorder to increase the pressure on the child, in parallel, he begins to receive notifications about the operations that are made in the account, explains the specialist. These operations may not carry any danger, but the child in a panic will regard them as critical. The employees of the fake support service at the same time insist on an urgent solution to the issue, for which they often ask the child to name the details of the bank card, both his and his parents, and to provide other confidential information, explains Konstantin Gorbunov.

- In essence, the child becomes a vulnerable link through which criminals can attack the family," says Evgeny Egorov, a leading analyst in the Digital Risk Protection department of F.A.C.C.T. Company. Evgeny Egorov. - Attackers can use a minor's account in a government service to steal personal data found in the account and then apply it to the next stages of fraud.

Photo: IZVESTIA/Sergey Lantyukhov

In particular, according to Evgeny Egorov, criminals can create fake profiles in different services or use the stolen data to blackmail and extort money from both the child and his parents. At the same time, Andrei Sidenko, head of Kaspersky Lab's child online security division, does not rule out that schoolchildren's accounts could be hacked to discredit the system of digital services itself, thus undermining users' trust in it.

How to protect yourself from hacking school accounts on "Gosuslugi"

Hacking schoolchildren's accounts on "Gosuslugi" carries serious risks for both children and their parents, says Marina Probets. Leakage of personal data can lead to financial losses as a result of fraudulent actions or theft of funds from linked bank cards. In addition, children can become victims of psychological pressure and blackmail by intruders.

- Parents face the risk of losing control over their children's data, possible legal problems due to actions committed through a hacked account, and the need to restore access to "Gosusluga", which can take time and effort," says the Izvestia interviewee. - In general, such hacks pose a threat to the safety and well-being of the entire family.

Photo: Izvestia/Eduard Kornienko

At the same time, as Andrei Sidenko notes, it is important to understand that any digital platform can become a target for fraudsters, but a competent attitude to data protection makes their theft as inconvenient as possible for attackers. And to protect yourself, it is important to follow the basic rules of digital hygiene.

In particular, on the platforms themselves, it is necessary to use all available security settings, including two-factor authentication. It's important for students not to have phone conversations with strangers - especially if they ask for personal information or confirmation codes.

- Parents need to improve children's digital literacy by explaining to them the rules of safe behavior on the Internet and the importance of not disclosing personal data, including access codes," says Marina Probets. - It is also a good idea to regularly monitor children's online activity.

Photo: RIA Novosti/Mikhail Fomichev

It is important to use complex and unique passwords, and to be vigilant when receiving calls or messages asking for confidential information. In the case of suspicious activity, you should immediately contact the "Gosuslugi" support service and take measures to change passwords and protect your account, the expert concludes.