Lost years: why scammers offer to recalculate the pension
A new scheme of deceiving Russians related to the recalculation of pensions has appeared. This time, the scammers are offering "digitization of data" ostensibly to preserve seniority and increase payments, but in fact they are luring access to "Public Services." Experts explain that the attackers are playing on the anxiety of Russians and on the fact that many payment schemes still seem complicated and confusing. As a result, gullible citizens may lose not only access to accounts, but also money. Details can be found in the Izvestia article.
What is the essence of deception with work experience?
Fraudsters have learned how to steal access to citizens' "Public Services" under the pretext of digitizing data to preserve seniority. They create group chats ostensibly on behalf of the victim's former employer and simulate a discussion of the procedure for "digitizing work experience." Then the conversation turns to the non-existent "Rostrud keys" that need to be obtained. The fake participants in the dialogue take turns confirming receipt of the codes and encouraging the victim to repeat the algorithm. If the attack is successful, the person loses access to the account.
As Maria Mikhailova, head of the Angara SOC brand protection group, explained in an interview with Izvestia, pension savings and seniority issues are important for the majority of working Russians. At the same time, the schemes for calculating seniority and other indicators seem complicated and confusing to many.
— People of pre-retirement and retirement age are particularly vulnerable. On the one hand, they don't know enough about digital services, and on the other, they worry about the safety of their work experience, which determines the level of payments," the expert explains.
All these factors create a good foothold for attackers. In addition, in their schemes they actively refer to the digitalization of all sectors of the economy and convincingly prove the importance of "digitizing data" or "updating information."
Most often, negative motivation is used, adds Alexander Vurasko, Director of Development at the Solar AURA External Digital Threat Monitoring Center (Solar Group).
— It is important for attackers to motivate the victim to commit rash actions. In this case, negative motivation is used: "Do this, or you will lose your work experience," the expert explains.
What kind of fraudulent schemes with work experience can we expect in 2025
The new scheme is due to the fact that fraudsters use deepfakes and voice generation to portray the victim's employers, explains Maria Mikhailova. The reason for the conversation, as an example, may be "updating information about the workbook."
— In reality, scammers can obtain personal data either by using social engineering or by sending a phishing link to fake portals. When entering information, the user loses his login and password," says the expert.
Another technique may be the suggestion to "download special programs" ostensibly to automatically adjust seniority data. In fact, such programs may contain malicious software, Maria Mikhailova clarifies.
According to Evgeny Egorov, a leading analyst at the Digital Risk Protection department at F6, residents of new regions of Russia are at risk, where a special procedure for confirming work experience has been established.
—Attackers exploit a lack of awareness about the digitalization of services and a willingness to agree to requests to 'update', 'digitize' or 'save' their data," the specialist explains.
As for the means of communication, daily phone calls and instant messenger messages remain instruments of deception, Timofey Voronin, deputy director of the Center for Scientific and Technological Policy at Lomonosov Moscow State University, is convinced.
Although legislative measures make it more difficult for fraudsters, they cannot, unfortunately, completely eradicate criminals: they, in turn, also improve ways of deceiving citizens. New scenarios and technical tools are being used.
The most popular schemes for deceiving pensioners
Moreover, the scheme of deception with work experience is not new, Timofey Voronin notes. Earlier, citizens received calls allegedly from the Social Fund of Russia (SFR) with an offer to enroll in the department for additional seniority. To do this, the citizen had to provide the "employee" with a record confirmation code, but in fact it was a code for restoring access to "Public Services."
— A variation of this scheme is to send a link to a fake Gosuslug website and ask them to confirm their entry in the SFR there, — says the Izvestia interlocutor.
Last year, the scheme with "recalculation of pensions due to unaccounted-for work experience" was also popular, adds Maria Mikhailova. Potential victims were invited to an existing Multifunctional Center (MFC) or a branch of the SFR for consultation. As in the previous scheme, in order to get an appointment, a person had to provide personal data, including passport and SNILS, as well as an SMS code.
Meanwhile, the "legend" with the preservation of work experience is just one of the many schemes of deception, the head of BI reminds.ZONE Brand Protection Dmitry Kiryushkin. There are also scenarios with "extending the contract to a phone number," "obtaining a new compulsory medical insurance policy," with calls "from special services," with "an appeal from the CEO / chief," and many others.
"The danger is that the victim not only loses control of his account, but also becomes the object of psychological pressure and financial extortion,— Maria Mikhailova emphasizes. — All this harms citizens and undermines trust in government digital services.
How to protect yourself from fraudulent schemes with work experience
You can protect yourself from fraudulent schemes by observing digital hygiene, says Alexey Korobchenko, head of the information security department at the Security Code company, in an interview with Izvestia. These are complex and unique passwords for various services and two-factor authentication.
— Do not tell anyone the codes from SMS or push notifications, even if it seems safe or the caller introduces himself as an employee of government agencies. In case of any doubts, it is better to immediately call the organization back at the official number," the expert advises.
Sergey Polunin, head of the Gazinformservice IT Infrastructure Solutions Protection group, adds that government agencies have an extremely limited set of means of communication with citizens. This means that neither the tax service, nor the Ministry of Internal Affairs, nor the SFR will ever call users in messengers.
Dialogues in which they threaten criminal liability or insist that no one find out about the call should be particularly wary, Dmitry Kiryushkin reminds. In this way, scammers play on the victim's fear and make it difficult to assess the situation objectively.
— Even if the interlocutor mentions your passport data, address and other personal information, this does not mean that he really represents a government organization. Due to large-scale leaks, such data may be publicly available," explains Dmitry Kiryushkin.
New fraudulent schemes may appear all the time, but their goal will always be the same — to steal money or personal data. Criminals' tools can be a regular phone conversation, group chats with bots that create a mass appearance, phishing links, forged documents, and many other things. However, the universal means of combating fraudsters are attentiveness and vigilance, concludes Timofey Voronin.
Переведено сервисом «Яндекс Переводчик»
