Telephone scammers have begun using a new "seasonal" deception scheme, Izvestia found out. Since the end of the academic year, they have been introducing themselves as staff of a university's dean's office or its archival services. The attackers ask students to verify their account on Gosuslugi ("Public Services") in order to receive a scholarship and continue their studies, and ask people with higher education to take a test or survey in the non-existent "National Education Accounting System" or to confirm their diploma. Next, the scammers act in a standard way: they lure out login information for Gosuslugi, or report that the account has been hacked and offer to transfer money to a supposedly secure account. "Calls from the dean's office," especially if the name of the university is used, increase the trust of the potential victim, experts say.

How the scheme works

Scammers have begun calling Russians on behalf of universities, Izvestia found out. They introduce themselves as staff of the rector's office, dean's office or archival services of universities. Students are reminded that they need to take certain tests, confirm their eligibility for scholarships, change their personal account number to pay for tuition, complete a survey, or register on certain websites. For all of these steps, the victim is told they must log in to the Gosuslugi portal.

After that, the potential victim receives a deliberately non-working account confirmation link, and when the login fails, the attackers offer help with authorization, for which they say it is absolutely necessary to provide the password and the SMS login code. This is how the Gosuslugi account ends up in the hands of scammers.

A similar scheme is applied to those who have already graduated from university. Moreover, scammers often act on behalf of a specific educational institution, namely the one where the person they are calling studied.

"I graduated from university four years ago," Anna, a Muscovite, told Izvestia. "I received a call ostensibly on behalf of the dean's office; they said that those who graduated from the institute up to five years ago should undergo some kind of testing. They were going to send a link to some kind of 'National Education Accounting System' and promised that the certificate would later be displayed on Gosuslugi."

Anna questioned the need for such testing and said so to the caller.

"I quickly searched the Internet and did not see any data about such testing anywhere. I asked where to read the official documents about it, and he immediately hesitated. And then he said, 'You'll suffer later,' and I hung up," she said.

Fraudsters sometimes run a more complex scheme, law enforcement sources told Izvestia. In one case, the scammers called a Moscow resident on behalf of the dean's office and asked him to read out the SMS code from Gosuslugi for testing. He then began receiving calls from people who introduced themselves as employees of various departments. They convinced the victim that his account had been hacked and that all his money needed to be transferred to a secure account. As a result, the man transferred 60 thousand rubles to an unknown person.

The damage to another Muscovite amounted to 1.1 million rubles, some of which the man borrowed. It all started for him with a call supposedly from the dean's office asking him to enter his Gosuslugi data, as if to confirm the existence of a diploma in the system. The attackers then convinced the man that he had become a victim of fraud, so he had to transfer money to a secure account, as well as "reset his credit potential" by taking funds from several banks. He was contacted through a Telegram messenger account signed as the "Consumer Protection and Financial Services Accessibility Service."

Some victims got off with only losing access to their Gosuslugi account. Cases of such calls have been recorded in different regions of the country.

All official announcements are posted only on the university's official resources, the Technological University named after Pilot-Cosmonaut A.A. Leonov reminded students; university management will not write to students personally in messengers or on social networks.

"If you receive a message from the 'rector' or 'vice-rector', do not rush to respond; first check the information," the educational institution reminded.

Which social roles scammers use

The scenario in which a student or graduate is asked to confirm an account on Gosuslugi in order to continue their studies or receive a scholarship is another variant of social engineering, experts explained to Izvestia. The scheme is not new, but it works effectively because it is adapted to a specific context, said Evgenia Galushko, iTPROTECT information security expert.

"The attackers use any social roles in which it is difficult for a person to doubt the legitimacy of an appeal; it can be either a technical support operator from a bank or the university administration," she said. "Phishing targets can be anyone: students, pensioners, parents of schoolchildren, especially if the scenario is chosen convincingly."

Such schemes work quite effectively among students, because digital services are firmly embedded in the educational process, Evgenia Galushko believes. And the communication between the university and the student may not have formal features that would allow authenticity to be established.

"When a message arrives on behalf of the dean's office or the archive mentioning current topics (a scholarship, diploma confirmation, access to a personal account), it is perceived as part of the usual routine. Students who do not have established information hygiene practices may well not notice the substitution," she stressed.

An additional weak link is the offer to "help with authorization" on the portal. At the moment when the user hands over the password and the code from the SMS, the attacker effectively gains control over the account.

Through access to Gosuslugi, it is possible to sign legally significant documents, file statements on behalf of the victim, and so on. That is why it is critically important not to hand over credentials and not to enter them on someone else's instructions, especially if the link to the site was received through social networks or a messenger, the expert warned.

Login should always be done directly, manually, through a verified address. It is advisable that the account is protected by two-factor authentication.

How phone scams change depending on the season

The actions of the scammers clearly show seasonality, said Alexey Filatov, head of the Department of Personology and Behavioral Analysis at the Academy of Social Technologies. They keep track of the most relevant events that are already happening or will happen in the near future.

For example, on the upcoming Russia Day on June 12, civil servants may receive calls about an alleged bonus due by that date, he believes.

"These topics become just an excuse, the so-called first touch theme, during which the fraudster gets the victim's attention and subsequently their trust," he explained. "Most often they then switch to standard techniques: compromising the Gosuslugi account and bank accounts, and false information that the victim of deception allegedly sponsors the Armed Forces of Ukraine."

Earlier, Izvestia wrote that on the eve of the gardening season, when many people were ordering seeds and goods for their summer cottages, fraudsters called Russians on behalf of a marketplace delivery service. They reported that it was impossible to deliver the order to the specified address, and then asked the victim to dictate the SMS code that opened access to Gosuslugi.

It is worth reducing the level of trust in the interlocutor if you are not the initiator of the communication, says Alexey Gorelkin, CEO of Phishman, an expert in the field of information security.

"If in doubt, call back on the official number of the organization the stranger claimed to represent, or contact it in any other official way to confirm the actual circumstances that the caller stated," he warned. "If someone knows information about you that is stored electronically somewhere, this does not mean that the person belongs to some government, financial or other organization."

Scammers use a stressful situation and create a sense of urgency — the student is informed about the possible consequences for his studies, and in this state he acts automatically, without having time to turn on critical thinking, added psychologist Olga Kushnareva.

"A person in such a situation feels pressure: it seems to him that he must immediately follow the instructions so as not to lose an important opportunity. Psychologists call this condition 'tunnel perception': attention is sharply narrowed, and a person focuses only on solving an imaginary problem, ignoring the oddities in the behavior of the interlocutor," she explained.

To counter such an attack, the psychologist recommended learning to recognize signs of pressure: any urgent requests or demands for personal information, especially under the guise of official structures, should put you on alert. It is advisable to work out in advance a procedure for what to do if someone reports a hack or asks you to log in to Gosuslugi. Such internal rules, she says, help to regain control of the situation.

How to protect your account from hacking

When an account on Gosuslugi is hacked, it is necessary to act quickly and consistently, said Maria Bakakina, adviser to the criminal law practice at Sokolov, Trusov and Partners.

First, according to her, you need to try to quickly regain control of the account through the official portal. If possible, it is better to contact the MFC for this.

"Immediately after logging in, check whether your current phone number and e-mail are listed in your personal account. If the data has been changed by fraudsters, immediately restore the correct details. In the 'Security' section, end all active sessions on other devices, leaving only the current one," she recommended.

It is important, according to her, to review the notification feed and the "My statements" section for unauthorized actions.

"The second critical step is contacting law enforcement agencies. Submit a statement about the fact of illegal actions to the nearest police station or through the online reception on the official website of the Ministry of Internal Affairs of Russia," she said.

The statement should describe all the circumstances in as much detail as possible: how the contact with the scammers occurred, what actions they could have performed through the account, and the fact of receiving suspicious notifications, for example, an SMS about a loan. It is worth attaching all possible evidence: screenshots of correspondence, SMS messages, account activity history.

"The third key stage is checking your credit history. Request a report from the Credit History Bureau (BCI) through the Gosuslugi portal or directly from the BCI," the lawyer recommended.

Further steps will depend on the specific consequences of the hack, she stressed.

"And the most important thing is not to blame yourself after encountering scammers. This is not weakness or stupidity, but a normal reaction to well-planned manipulation," Olga Kushnareva said.

It is important not to shut yourself in, but to talk to someone who will support you, the psychologist recommended. Regaining control of the situation, she says, is part of psychological recovery.

Translated by the Yandex Translate service
