Mercenary account: scammers in Telegram started pretending to be gas workers
Cybercriminals have developed a new fraud scenario on behalf of the gas service. They call via Telegram and, less often, WhatsApp (owned by Meta, a company whose activities are recognized as extremist and banned in the Russian Federation), warn about a planned inspection of equipment in the apartment and, under this pretext, offer to pay a non-existent debt via a phishing link sent via messenger, cybersecurity experts said. How not to fall for the bait of scammers — in the material of Izvestia.
A new scheme of deception on the Web
A new scenario for user deception has been identified by analysts at the Digital Risk protection department of F6, a developer of technologies to combat cybercrime.
Fraud is committed on behalf of the gas service — users are offered to repay a penny debt for housing and communal services. Then, when trying to pay a non-existent debt via a phishing link, the criminals steal money from the account.
Previously, cybercriminals actively used this cover for the first stage of complex multi-stage attacks: they called users via Telegram or WhatsApp, offered to coordinate the time of the master's visit to check the gas equipment and asked them to name the code from the SMS, after which their accomplices launched the next stage of deception. Now the attackers pose as employees of the gas service in order to immediately gain access to the bank account of a potential victim.
The mechanism of deception is as follows: a fraudster creates a fake account in Telegram, which can be called simply "Gorgaz" or combined with any names: for example, "Anastasia, Gas Service", "Mikhail, Gorgaz dispatcher". The attackers use images similar to the logo of a well-known gas company as an avatar. When a fraudster calls a user via Telegram who does not have a ban on receiving calls from unknown numbers, he sees a recognizable logo and the caller's "name" on the screen.
The attacker says that a scheduled check of the gas equipment is being carried out in the house, and specifies at what time it will be convenient to receive the master. After agreeing on the date and time, the fraudster casually informs that the interlocutor has an unpaid gas bill. He calls the amount of debt small, for example, 15 rubles 94 kopecks, and offers to pay it immediately under the pretext that in case of delay, a fine of 15 thousand could allegedly be imposed.
Even if the tenant of the house does not have gas equipment or does not use it, the fraudster will try to convince him that he still has a non-existent debt, and it is better to pay immediately and then deal with the causes of the debt than to run into a multi-thousandth "fine", experts said.
According to analysts at F6, this scenario has been used by one of the major scam groups since April 2025. During the month, its participants deceived 77 users, who were robbed of 657 thousand rubles. The damage amounts range from 2,000 to 75,500 rubles.
In February of this year, a similar fraud scenario was recorded in the Donetsk and Lugansk People's Republics. The attackers called residents via Telegram, informed them that the gas supply contract had expired, and offered to go to a fake website where, under the pretext of submitting an application, they were required to provide their full name, address, phone number, as well as the series and passport number.
— The new deception scenario is universal, and attackers can use it on behalf of any housing and communal services organization. Members of a particular fraudulent group choose to disguise themselves as representatives of the gas service because it makes it easier for them to mislead users, regardless of which region or locality they live in," said Evgeny Egorov, a leading analyst at the company's Digital Risk Protection department.
Izvestia sent inquiries to JSC Mosgaz and Gorgaz to clarify whether they were aware of this deception scenario.
How not to fall for the bait of scammers
The attackers carefully consider the format of the requests. They use logos of government agencies and refer to real events to increase trust. During calls to their victims, they introduce themselves as government officials. They often claim that a person is burdened with debts and must urgently pay minor fines. They are being asked to install a special application, which is essentially malware, or click on a phishing link to pay, said Igor Bederov, head of the information and analytical research department at T.Hunter.
— There are other schemes of criminals' work: through messengers they can spread false messages about the debt on housing and communal services, in some cases the money is transferred to fake accounts, — he reminded.
Cybersecurity experts advise against installing apps based on recommendations from strangers, as well as links from text messages, instant messengers, emails, and questionable sites. In no case should you tell outsiders the CVV and PIN codes of bank cards, logins and passwords for online banking.
— In order not to become a victim of fraudsters, it is necessary to follow the rules of digital hygiene. Do not follow suspicious links or open attachments from unknown senders. Always check their authenticity," Valeria Besedina, an analyst at the Positive Technologies research group, reminded.
According to the expert, a reliable way would be to limit the visibility of the phone number in the privacy settings of messengers and prohibit adding people outside the contact list to any groups.
Переведено сервисом «Яндекс Переводчик»
