Main article: Public services
2024
The Ministry of Internal Affairs announced two new schemes for fraudsters to access "Public services"
MINISTRY OF INTERNAL AFFAIRS Russia established two new schemes for fraudsters to access the accounts of users of Public services the portal "" in order to steal funds. This was announced in January 2025 at the press center of the department.
According to TASS, one of the schemes involves calls on behalf of telecom operators. The attackers present themselves as employees of the company and, under the pretext of extending the service contract, are asked to provide a code from SMS. This code is actually used to enter the personal account of "Public services." Having gained access, the scammers change the password and leave a message in the hint to the checkword with the phone number that belongs to them. By calling the specified number, the victim is faced with demands to transfer funds to a "safe account," allegedly to prevent theft through the portal.
The second circuit is associated with the reissue of subscriber numbers. According to the Ministry of Internal Affairs, fraudsters find numbers previously linked to accounts, but no longer used by the owners. Such numbers, issued by operators for re-implementation, are registered by new users. After that, through " portal, the password is restored by entering a one-time code sent to this number. The legal owner of the account may not even know about illegal access, since changing the password does not block previously authorized access through the application.
Using access to the account of the Unified Identification and Authentication System (ESIA), attackers send applications for microloans, apply to credit bureaus for financial certificates and register additional phone numbers. To sign the documents, an enhanced unqualified electronic signature generated in the State Key mobile application is used. All these actions are carried out without the knowledge of the account owner.[1]
Fraudsters distribute fake phones of the State Public services support service
Russian intelligence service vulnerabilities data breaches DLBI and analyzed fraudulent schemes with the help of which citizens are stolen access to the Public services portal. More. here
FSB detained a gang of hackers who hacked the portal to issue loans
On October 22, 2024, the Office of the Federal Security Service of Russia for the Trans-Baikal Territory announced the detention of members of a criminal group who hacked into the personal accounts of citizens on Public services to issue loans. The confirmed damage is more than 3 million rubles. Read more here
Hackers who issued loans through hacked Public services were detained in St. Petersburg
Employees of the criminal investigation department of St. Petersburg detained two young people suspected of a series of frauds using the Public services portal. The attackers hacked into the personal accounts of citizens and issued loans in their names. Information about the detention and the scheme of crimes was released in October 2024. Read more here.
How scammers use the State Public services portal. Schemes
At the end of August 2024, it became known that fraudsters began to use new schemes for gaining access to Russian accounts on "Public services." To do this, attackers can pose as employees of any authorities or send phishing emails of various contents.
One of the schemes, according to the Izvestia newspaper, involves sending letters to the victims, which report that their personal account was allegedly entered from a new device. The message indicates the region from which the authorization was made. Cybercriminals are motivated to send a notification by the fact that "the entrance is made from an atypical place." Next, fraudsters are asked to call the specified number to report illegal actions and "secure personal data." During a conversation, a person is lured out of real information to log into an account.
Another criminal scheme boils down to the fact that victims are called by unknown persons, posing as employees of any departments or institutions, for example, assistant judges. The goal is to get the code from, SMS which is necessary to pass two-factor authentications when entering your personal account on the State Public services portal. After a user reports a digital combination to attackers, they may lose access to their account.
In addition, a scheme is used, during which attackers send push notifications about the need to confirm passport data using a link allegedly leading to the website of a large telecom operator, and then to Public services. On such a page, users are invited to enter a login and password for their personal account. As a result, criminals receive both portal access data and confirmed subscriber information. The information that is stored on "Public services" allows fraudsters to perform various actions on behalf of the victim: for example, loans can be issued.[2]
Fraudsters began to steal money from Russians through "Public services" and "State Key"
In mid-August 2024, it became known that fraudsters in Russia began to use a very complex scheme of embezzlement of funds from citizens' accounts. To do this, the portal "Public services" and the application for electronic signature "State Key" are involved. Read more here
Fraudsters learned to sell housing through State Public services
In mid-July 2024, it became known that cybercriminals in Russia learned to conduct fraudulent real estate transactions through Public services. To do this, attackers use the victim's electronic digital signature, which is taken over in one way or another. Read more here
Accounts from Public services to 800 rubles are sold on the darknet
At the end of June 2024, it became known that cybercriminals sell stolen accounts from Public services on the darknet for migration registration. After learning access to such personal accounts, attackers can register foreigners in the apartment without the owner's knowledge. The cost of stolen accounts varies from 600 to 800 rubles.
The Izvestia newspaper spoke about the new cybercriminal scheme, referring to information received from the data leak intelligence and darknet monitoring service. DLBI It is reported that proposals for the sale of personal accounts on Public services began to appear after the terrorist attack in Crocus City Hall. During its investigation, law enforcement agencies began to actively check the system of temporary registration of foreigners and liquidated a significant number of "rubber apartments," in which tens and even hundreds of people can be registered at the same time. As a result, the need for registration has increased among migrants.
 | For example, their grandmother is called and told that her grandson needs to update the entry to the clinic. To do this, you need to report the code that will come to SMS, "says Fedor Muzalevsky, director of the technical department of RTM Group. |  |
Alla Khrapunova, curator of the Moshelovka Popular Front platform, notes that gaining access to a personal account on Public services is one of the main goals of fraudsters as of mid-2024. If a migrant who has committed or is preparing to commit a crime is registered in the housing of a citizen whose account was stolen by attackers, then this is fraught with serious consequences for the owner. He "will have to explain to the special services and law enforcement officers how this registration was made, why it was not canceled as soon as possible."[3]
In Russia, fraudsters began to send push notifications to smartphones in order to get data to Public services
In Russia, fraudsters began to send push notifications to smartphones in order to get data to Public services. The new cyber fraud scheme became known on March 25, 2024. Read more here.
2023
Fraudsters have found a way to bypass two-factor authentication on Public services
Fraudsters begin to actively distribute messages, both through SMS and through e-mail, that the user's account on Public services is hacked or blocked. The reason is suspicious activity. At the same time, the attackers indicate the phone number from which the call from the "support service" should subsequently come to restore access to their account. In some cases, victims are encouraged to contact support on their own. This was announced on November 6, 2023 by the press service of the deputy of the State Duma of the Russian Federation Anton Nemkin. Read more here.
Hacker detained for stealing accounts of 130 Russians on the State Public services portal
In Ufa, St. Petersburg police detained a hacker from St. Petersburg who stole data from accounts on the State Public services portal from 130 Russians. The press service of the Ministry of Internal Affairs of Russia announced this on July 13, 2023. Read more here.
2022: Fraudsters hacked a woman's LoC, issued 939 SIM cards for it and withdrew 1.5 million rubles
In March 2022, it became known that fraudsters find new holes in state Public services. Unknown persons hacked into the personal account of a resident of Nizhny Novgorod and tried to issue microloans for her, but failed. Then they issued 939 SIM cards of'Megaphone' on it. The cards were taken to minus and the woman owes 1.5 million rubles.
2021
On the portal of state services found redirection to the sites of fraudsters
In mid-September 2021, it became known about the discovery of redirection to the sites of fraudsters on the portal of public services. We are talking about a vulnerability such as a covert redirect.
As Igor Bederov, an expert at the SafeNet Engineering Center of the National Technology Initiative (NTI), told RIA Novosti, after entering the "capcha" (combination of letters and numbers) on public services and maintaining it, the user can be redirected to any other network resource, including containing malicious software that will be automatically installed on the victim's device.
Fraudsters can use this ability to transfer to their phishing resources to deceive and steal money or data. Igor Bederov clarified that the user will often see only part of the link in which the official website of public services is noticeable, without the part where he will be redirected after entering the "capcha." This part will be cut off by a social network or messenger. Previously, similar schemes were used for YouTube, Instagram and VKontakte.
| | To protect their data and devices, users should be sure to check the link address before navigating it, this can be done using antiviruses and hyperlink decryptors. So, the user will be able to see in advance which resource he eventually gets to and whether he will download the malware along the way, the expert said. | |
Bederov also advised to update all used software on time in order to protect yourself from vulnerabilities before scammers have time to use them.
An expert at the SafeNet engineering center of the National Technology Initiative notified the public services portal about the vulnerability found there. It is not reported whether it has been liquidated or not by September 15, 2021.[4]
Fraud using fake polyclinic sites
In September 2021, it became known about a new fraud scheme, which is used to steal data from users of public services. Attackers send notifications to Russians allegedly from the portal about disconnection from the clinic, offer to re-register on a fake service website and pay a fee, but fraudsters will leave personal data, money, login and password to enter this website of public services.
About the new scam RIA Novosti"" said the deputy chairman of the board. Sberbank Stanislav Kuznetsov According to him, in their messages, fraudsters emphasize that in a difficult epidemiological situation, it is necessary to attach to the medical facility again as soon as possible.
Kuznetsov noted that the victim's personal data can become the biggest prey of criminals, after which a loan or microloan can be issued for it. To protect yourself from this, the top manager advised to configure the login with confirmation by in your personal account, and SMS when receiving such a notification, contact your medical institution. In addition, the top manager of Sberbank recalled that attaching state to the clinic is a free service.
Earlier Roskomnadzor in warned that fraudsters are trying to collect personal data of Russians, posing as employees of the supervisory authority and warning the interlocutor that someone is allegedly trying to change his subscriber number. The attackers also clarify whether the user is registered on the public services portal, claiming that a loan is allegedly issued for the number being checked.
The department recalled that Roskomnadzor hotline operators do not have access to credit histories and profiles on Public services. The agency urged Russians to be vigilant and check "what unknown people say." Faced with fraudsters, you need to contact the reception of the Ministry of Internal Affairs.[5]
Notes
- ↑ The Ministry of Internal Affairs has identified two schemes for fraudsters to access the "Public services" of Russians
- ↑ Do not call them, do not call: fraudsters came up with a scheme with an atypical entrance to "Public services"
- ↑ With new settlers: accounts on "Public services" began to be sold for registration of migrants
- ↑ On the portal of state services found redirection to the sites of fraudsters
- ↑ Russia began to steal data on public services in a new way
| The site content is translated by machine translation software powered by PROMT. The machine-translated articles are not always perfect and may contain errors in vocabulary, syntax or grammar. Read original article If you find inaccuracies or errors in the results of machine translation, please write to editor@tadviser.ru. We will make every effort to correct them as soon as possible. |