Increasingly, attackers are trying to gain access to user accounts on the Gosuslugi portal using a new deception scheme. This was announced on Saturday, January 15, by Vladimir Ulyanov, head of the Zecurion analytical center.
Fraudsters call on the phone, pretending to be employees of the portal, and offer to link a QR code to the page of the Gosuslug user. To do this, the attackers send a code via SMS and ask him to call. So they get access to accounts and find out personal data.
“Such calls do not require a money transfer, which dulls the vigilance of the victim,” Ulyanov told Kommersant.
He explained that two-factor authentication should be used to protect personal accounts on the Gosuslugi portal.
“This will make it difficult to enter your personal account in any case.” Also, according to him, it is worth refusing to communicate on incoming calls and, in case of doubt, clarify how to contact the person who called or another representative of the service, ”he said.
Infosecurity Communications Director Alexander Dvoryansky noted that in a conversation, attackers push the interlocutor to make an impulsive decision and not double-check the information.
“If a person fulfills the requirements of scammers, then the data for entering the resource can be compromised,” he specified.
In turn, the Ministry of Digital Transformation of the Russian Federation, in connection with the information that fraudsters have begun to use the theme of QR codes on the Gosuslug portal, warns that portal employees never call citizens without asking and do not request their data.
“The Ministry of Digital Resources reminds: employees of the Gosuslug portal never call without a citizen’s request and do not ask for his data. Be careful not to share your phone number, SNILS, passport data or any other information with third parties.
The ministry recalled that the QR code appears in the verified account automatically when the Ministry of Health transmits information about vaccination or a disease.
In 2022, for additional data protection of citizens, the Ministry of Digital Development plans to introduce mandatory (by default) two-factor user identification on the State Services portal. Experts consider the introduction of mandatory two-factor identification a timely measure that fits into global trends.
On January 11, the Moscow Main Directorate of the Ministry of Internal Affairs of Russia spoke about the emergence of a new telephone fraudulent scheme to deceive bank customers. With the help of voice robots, fraudsters call bank customers and, having gained confidence, lure out information that allows them to make transactions in the customer’s online bank.