- Статьи
- Internet and technology
- Outdoor rental: what schemes to expect from scammers with the start of the electric scooter season
Outdoor rental: what schemes to expect from scammers with the start of the electric scooter season
A new rental season for electric scooters and bicycles has opened in Moscow, according to the Moscow Department of Transport and Road Infrastructure Development. 60 thousand electric scooters and more than 20 thousand bicycles are available for citizens and guests of the capital. Meanwhile, the popularity of mobile transport among Russians attracts fraudsters. For more information about what schemes to expect from scammers with the start of the electric scooter season, see the Izvestia article.
Why are electric scooter users interesting to scammers
Electric scooters are becoming increasingly popular in Moscow and other Russian cities, as they allow users to move quickly and conveniently with minimal financial costs, says Andrei Razdymakho, an expert on cybersecurity at Angara Security, in an interview with Izvestia. At the same time, a large number of users expands the potential audience for fraud attacks.
"Electric scooters are rented through mobile applications with bank card links, which opens up wide opportunities for abuse," says the expert. "Many users may not be aware of existing threats, which makes them vulnerable to intruders.
The latter can hack accounts or create fake applications to steal financial resources and personal information to further expand the fraudulent chain, Maxim Alexandrov, an expert in software products at the Security Code company, adds. In addition, fraud with such applications is not so common, so it is easier to mislead users here.
What schemes of scams with electric scooters should we expect in 2025
This season, the rules for renting electric scooters in Moscow have changed: now only users who have been verified in the rental application via Mos ID can rent them in the capital. This will require a full account on the portal. mos.ru . This will allow you to control access to the service for minors, as well as identify traffic violators faster.
"With the introduction of ID and an electric scooter control system, fraudsters can start sending fake penalty notices," warns Vitaly Fomin, head of the information security analyst group at the Digital Economy League. — For example, a user may receive a letter demanding payment of a fine, but the link will lead to a phishing site where intruders will steal personal data.
In addition, according to Izvestia's interlocutor, scammers can create fake applications for renting electric scooters in order to collect user data or force them to pay for non-existent trips. Vitaly Fomin also does not rule out that in 2025, fraudsters will use the method of registration in kicksharing services by gaining access to an account on the Gosuslugi portal.
In this case, the site will be phishing. Scammers can use this method because scooters now have license plates, and penalty notices can be received for both a car or a motorcycle. In turn, Maxim Alexandrov does not exclude that due to the new rules and restrictions for users of rental means of individual mobility, a new type of fraud related to fictitious incidents may appear.
"Attackers can inform users about alleged serious violations and offer to pay a discounted fine," the specialist explains. — Traditional schemes can also be used, for example, calls to parents claiming that their child was in an accident on a scooter, and offers to "hush up" the case for a bribe.
Sergey Polunin, head of the Gazinformservice IT infrastructure Solutions protection group, adds that due to the new rules for renting electric scooters in Moscow, a new "point of failure" has appeared - you now need to authenticate with another service before checking your account. However, in the event of a successful DDoS attack on this resource, there is a risk that all city scooter rental services will become unavailable.
What fraudulent schemes with electric scooters were used in the past years
Meanwhile, experts have recorded fraudulent schemes related to electric scooters before. In particular, as Evgeny Egorov, a leading analyst at the Digital Risk Protection department of F6, says in an interview with Izvestia, last season the company's specialists discovered groups on social networks and messengers, channels and bots offering rental of electric scooters bypassing the rules of operators.
"Users who decide to take advantage of such offers risk fines, being blacklisted by services and becoming victims of fraud," says Evgeny Egorov. — Some ads offered applications for unlimited trips, allegedly intended for employees of kicksharing services, as well as instructions for mass account registration.
According to the expert, such ads are designed for users who are blocked for violations, minors, as well as those who do not want to pay for trips. However, such a purchase does not give any guarantees to the buyer that he will not be deceived. In addition, in the past, a scheme with the replacement of QR codes was common: attackers placed fake codes on the bodies of scooters, adds Vitaly Fomin.
Users who clicked on such QR codes ended up on a fraudulent website, and their bank details ended up in the hands of criminals. The danger is that phishing links look very similar to the addresses of real services. Another common method of deception was the offer to sell a scheme that allows you to rent a scooter for the whole day for 250 rubles.
"In addition, the scammers offered users paid guides on the illegal use of electric scooters, including disabling speed limits and buying access to other people's accounts with bonuses or discounts," notes Andrey Razdymakho.
How to protect yourself from fraudulent schemes involving electric scooters
Using "gray" schemes to connect to the service or save on rent can lead to account blocking, loss of funds, data leakage and infection of the user's smartphone with malicious software, it will allow cybercriminals to gain remote access to the device and steal personal information, warns Evgeny Egorov.
"Kicksharing services are often used by schoolchildren who pay rent with their parents' bank cards,— says Vitaly Fomin. — If the scammers receive the card details, the money will be stolen. Moreover, when accessing an account on Gosuslugi, attackers will be able to steal not only funds from a card or account, but also carry out real estate transactions or take out loans.
In order to protect yourself from fraudulent schemes related to the rental of electric scooters, Maxim Alexandrov first of all advises you to remember that any applications are best downloaded from the official websites of services and app stores. At the same time, the downloaded software must be checked with an antivirus. Also, one of the most effective protection mechanisms is the use of a camera built into the kicksharing application: the necessary security tools are "wired" into it, so it will not allow you to use a fake QR code to access a phishing site.
At the same time, it is important to remember about another rule of cyber hygiene: delete unused accounts. Since such "accounts" are abandoned for a long time, and the application itself is not updated (unless auto-update is installed), their security level decreases. This is due to the fact that users often use the same password for different services, so it is more likely that the kicksharing code was stolen from the database of some other portal.
— Also, over time, a lot of vulnerabilities arise in all applications, which are usually quickly fixed by developers, but if you do not use the service and do not update the software, attackers can take advantage of the holes that have appeared, — concludes the interlocutor of Izvestia.
Переведено сервисом «Яндекс Переводчик»
