From the State Services portal, a warning was sent to the mail specified by users during registration about increased cases of fraud. The issued recommendation calls not to tell anyone the code from the SMS. Also, the State Services offer to set up a security question and enable two-factor authentication, which will not allow you to enter your account without confirming the code.

On the fact that telephone scammers began to use a new tool to deceive Russians, on the eve of indicated “Kommersant”.

The attackers pose as employees of the Gosuslugi portal and, through QR codes, gain access to the personal account of their victims. Cybersecurity companies have warned that scammers have begun calling victims on behalf of the portal’s employees. According to the scheme, attackers ask citizens to dictate a code from an SMS message, supposedly to activate or link a QR code to a user’s page. Criminals initiate a password recovery to the victim’s account over the phone in order to subsequently steal his account.

Related materials:

This code, as Vladimir Ulyanov, head of the Zecurion analytical center, explained, is needed by scammers to get into the victim’s personal account and get her data. Then they can, for example, use them to arrange loans or for other illegal schemes.

Infosecurity communications director Alexander Dvoryansky warned that the goal of the scammers is to convince the user to make a quick, impulsive decision. Previously, attackers posed as employees of a bank, the Ministry of Internal Affairs or other government agencies, Bi.Zone experts added.

Protective measures

The State Services Support Service promptly responded to messages about the activation of scammers and strengthened the protection of user accounts. Now, after entering the code from the SMS message, the hacker or real user will need to enter some additional information: SNILS, TIN, series and passport number. In addition, a reminder will appear in the SMS message with the code that it should not be shared with anyone. Finally, on the portal, you can specify a secret word that will be requested before entering the code.

Related materials:

Besides, in the Ministry of digital development, communication and mass communications of the Russian Federation (Mintsifry of Russia) warnedthat employees of the State Services portal never call without a citizen’s request and do not request his data. The Russians were asked to be careful not to share their phone number, SNILS, passport data or any other information with third parties.

How to protect yourself from scammers

Phone scammers usually look for information about Russians in open or poorly protected databases. Therefore, most often they call those citizens who do not carefully take care of their personal information, said Vitaly Vekhov, professor of the Department of Security in the Digital World at Bauman Moscow State Technical University. He said that in many cases, instead of a real phone number, a fictitious one should be given. For example, in supermarkets, when issuing discount cards. Fake data about yourself and your birthday will help reduce the number of calls from intruders and become protection against them.

Related materials:

The expert revealed other ways to protect yourself from scam calls. When you exit your personal account in the browser, you must delete the password or do not check the “remember” box when logging in so as not to save any login data. You should also clear your browser history. “Yes, it’s inconvenient, but it saves you from scammers to some extent. Also, do not provide your personal data even in closed groups of social networks,” the specialist noted.

If the attackers still got through, it is recommended to avoid unambiguous answers in the conversation and not to use the words “yes” and “no”. “They ask you: “Is that you?” Don’t say “I”, say “maybe”,” said Alexander Vlasov, an information security expert. And the best way would be to end the call without entering into a conversation.