Russians were warned about a new fraud scheme

Under the pretext of filling out a resume, scammers steal Telegram user accounts, and then send messages to contacts offering to take a survey on behalf of the United Russia party for money. To do this, it is suggested to download an application with a Trojan, after which money may be stolen from the victim's accounts. On March 18, F6 told Izvestia about the new scam scheme.

Analysts at F6's Digital Risk Protection department have learned that hackers are stealing the accounts of messenger users who are looking for work. Scammers place ads looking for employees with high salaries and other attractive conditions. Scammers strive to create an image of a recruiter that inspires maximum trust: they buy Premium accounts for their accounts, use business-style images for their avatars, specify working hours in the description, and set up an answering machine.

If a user responds to a fake vacancy on a free classifieds website or job search service, the scammers ask for his phone number and immediately offer to transfer communication to WhatsApp or Telegram. In the correspondence, the applicant is asked to fill out a resume and send a link to a phishing resource, where they are asked to provide personal information and log in via Telegram to confirm sending the resume. If the user enters a phone number in the form that opens, and in the next one, a confirmation code from an SMS from Telegram, the attackers immediately gain access to his account.

Alarm bells: Putin declared unacceptable scale of fraud in the Russian Federation

What measures do the Cabinet of Ministers and the Central Bank propose to protect citizens from cybercriminals?

Then, an automatic mass mailing of messages with an offer to complete a survey for money begins from the victim's account to all contacts and chats. At the same time, scammers use the United Russia brand. The scammers offer to take part in the survey on behalf of the party and receive 5,000 rubles for it.

Under the pretext of taking a survey, potential victims are invited to follow the link. In this case, the user of the Android device sees the fake Google Play app store page, from which it is suggested to download a fake application with a hidden Trojan. After installation, it requests permission to access contacts and text messages. The person is then redirected to an Internet page where they can leave their personal information. After learning this information, scammers gain control of the device and can debit money from a bank account by intercepting SMS messages to confirm the transfer using a Trojan.

If the user has an iOS device, they will not be able to install the app.: They will be asked to complete a survey and fill out a phishing form, including a bank card number.

The company clarified that the attackers have been using the new scheme for about a month. During this time, 770 people were injured, 5,921,500 rubles were stolen from them, and the average amount of damage was 7,690 rubles. F6 specialists have sent data from web resources that fraudsters use for illegal activities to be blocked and warned party representatives about the threat.

The experts gave some advice to the Russians.

"When searching for vacancies, remember: the salary is higher than the market, if such conditions are offered by an unknown large company, this is one of the distinguishing features of fraudster ads. As a rule, a high income implies equally high requirements for a candidate. If the ad promises a high salary with low demands or lack thereof, this is a signal of probable deception," they stressed.

Experts recommended not to follow links from strangers. If a familiar contact has sent a link that was not requested, it is also not worth opening it.

You should install applications only from official stores, from trusted developers.

"Check the permissions that mobile apps request after installation. If an application requires you to give it permissions that are not directly related to the stated functionality (for example, to read SMS messages and contacts), ignore such requests, or even better, delete such an application to eliminate the risk of transmitting confidential information to unknown people without your knowledge, and check the device with an antivirus," the experts added.

In turn, United Russia warned that the party does not conduct paid surveys and does not request bank card data from users.

Earlier, on March 12, it was reported that in 2024, Russians most often encountered fraudulent calls allegedly on behalf of bank security services. This was stated by 22.4% of respondents, according to the results of a survey conducted by RED Security. In addition, the attackers pretended to be representatives of telecom operators (21.7%).