Dear diary: how scammers deceive schoolchildren under the guise of teachers
Cheating schoolchildren
The scammers began to deceive children by posing as school staff. Izvestia was informed about at least two such cases that occurred at the end of February.
In the first case, the criminal called a 17-year-old Moscow teenager under the guise of a school principal. She scolded the high school student for allegedly not re-registering the electronic diary after school, and asked him to name the numbers from the SMS sent from the Gosuslugi portal. The student believed them and dictated them.
After that, the source said, the boy received an SMS with the text "your documents have been successfully downloaded." And then he received a call from a "specialist of the Gosuslugi portal," who switched him to a "Rosfinmonitoring employee." She, in turn, demanded to take her mother's phone in order to "secure her accounts."As a result, the student agreed, logged into the bank's application, applied for a credit card and transferred about 200 thousand rubles to the fraudsters. Upon learning about the incident, the teenager's mother contacted the police.
In the second case, the fraudster deceived a 16-year-old athlete from Yekaterinburg, who was in family training. She called a schoolgirl under the guise of a class teacher and asked her to confirm in her electronic diary an entry for participation in an interview for admission to the OGE in the Russian language. For the sake of persuasiveness, the criminal told the girl her full name and passport details.
The schoolgirl, who did not know her teachers, also believed and named the six-digit code that came in the SMS. And after that, following a tip from the scammers (they said that unknown people had downloaded her mother's INN, SNILS and passport data and could now apply for loans), she transferred the money to a "secure account" — 50 thousand rubles.
Izvestia sent inquiries to the Interior Ministry to find out the details of the incident.
The trend of recent months
As Alla Khrapunova, an expert of the Popular Front For Borrowers' Rights project and curator of the Moshelovka platform, explains to Izvestia, attacks on children are one of the trends of the last six months, which will only gain momentum.
— We have recorded an increase in reports of both attempted attacks and successful cases for scammers when children believed the legends that sounded from the tube. By the way, the circle of interests of the attackers includes not only schoolchildren, but also students of colleges and first—year universities," says Khrapunova.
According to her, the legends used by the attackers are based on the same type. For example, young people are informed about the need to make changes to an electronic journal or student profile, coordinate a transfer to another half-year, quarter or semester, and confirm the data in the journal. Closer to spring, scenarios related to the upcoming OGE and USE exams began to appear (scheduled interviews, mistakes in applications, confirmation of the application, sale of correct answers). But one way or another, it all comes down to the requirement to provide an access code from your personal account on the Gosuslugi portal.
— It is worth noting that a child can have an account from the age of 14, since he already has a passport. It is created by one of the parents and is automatically linked to his account. Therefore, the coveted SMS code can also give access to the parent's account, which carries additional threats," the expert notes.
Effects on the child
Scammers usually affect children in a similar scenario, explains Alla Khrapunova. First, they mention the child's personal information (class, group, school, names of teachers), which inspires confidence and reduces vigilance.
— But we must remember that it is very easy to obtain this data in the digital world. Firstly, there is a lot of open information about the school. Secondly, children are very open on social media, posting information about themselves, creating communities, posting photos, talking about their friends, trips, pets, and more. It will not be difficult to collect a pool of data, and the attacker will calmly fill in the remaining gaps in information in a dialogue with the child: answering simple questions, he will provide a lot of data about himself and his family," says the curator of Moshelovka.
After that, criminals can start scaring the teenager. At the same time, various arguments related to studies, family, theft of money, and important data may be used. A child can complete tasks out of fear for their parents (as in the case of a girl from Yekaterinburg) or out of fear of their punishment.
At the same time, Alla Khrapunova adds, scammers can act not only with the help of threats — sometimes they promise rewards. But this happens more often in schemes that are not related to education.
— For example, they may be asked for a small amount (starting from 500 rubles) to rent an account in a messenger or social networks "to send harmless advertisements," says the Izvestia interlocutor.
If the child's child account "lasts" for more than two hours before being blocked, the owner can actually transfer money. But the damage will definitely be greater.
Under the guise of a teacher
Fraud schemes related to the field of education can be directed not only at children, but also at parents, teachers and school administrators, Konstantin Gorbunov, a leading expert on network threats and web developer of the Security Code company, says in an interview with Izvestia.
— For example, by hacking a teacher's smartphone, attackers can gain access to various chats with students' parents and spread phishing links under the guise of receiving any benefits or organizing a fundraiser for the needs of the school, the expert notes.
The teachers themselves, for whom the attackers implement the FakeBoss scheme, can become a target. Scammers create a copy of the profile of a teacher's supervisor in a messenger, for example, a school principal or an official from a relevant department, after which, under various pretexts, they force him to click on a phishing link and enter confidential data. Or, as in the old well-known schemes, transfer your money to a "secure account".
In all these cases, the Izvestia source says, criminals need very little data. The victim's phone number and full name are enough, which can be easily found in the merged databases.
Ways to protect yourself
To protect yourself from scammers, both schools and parents themselves need to conduct digital literacy classes, Izvestia experts say.
— Students should know that under no circumstances should confidential data, especially various codes, be shared with other persons, even if these persons are represented by teachers or employees of public services, — says Konstantin Gorbunov.
In addition, Marina Probets, an Internet analyst and expert at Gazinformservice, adds, it is important to teach a teenager to distinguish scammers from real employees of schools and other institutions. The main signs are unexpected calls from an unknown number, pressure, and a statement of urgency. With any of them, you need to hang up the phone and call the school yourself.
Also, the Izvestia interlocutor notes, it is worth applying technical protection measures: using specialized software to analyze and block calls from suspicious numbers and enabling two-factor authentication (2FA) on the Gosuslug account. The latter significantly increases security, since even when receiving an access code, an attacker will not be able to log in without a second authentication factor (for example, a code from an SMS message to an associated number).
At the same time, adds Alla Khrapunova, an expert at Moshelovka, it is important to build a trusting relationship with a child so that at the slightest suspicion of fraud and psychological pressure he can turn to his parents or even his teacher.
Переведено сервисом «Яндекс Переводчик»
