Scammers Disguised Their Sites as Government Services and Browser Websites

By Ava McKinneyOnline Safety

Scammers Disguised Their Sites as Government Services and Browser Websites

Group-IB specialists have uncovered a fraudulent network consisting of about twenty websites. The scammers deceived users by disguising their sites as official government services and popular browser websites. The creators of these fake resources promised visitors rewards of up to 200,000 rubles. To “earn” this money, users had to complete a series of steps, each requiring a payment: the minimum was 350 rubles, and the maximum was 1,700 rubles. This money-making scheme has been running since April 2018, targeting unsuspecting citizens in Russia, Ukraine, Belarus, and Kazakhstan. According to researchers, in just one month, these fake sites attracted around 300,000 visitors.

The fraudulent network was discovered after a complaint was filed on May 20, 2018, with the CERT Group-IB Cyber Incident Response Center about the site http://browserupd[.]space. Visitors to the site were promised between $50 and $3,000 (3,000 to 200,000 rubles) for using supposedly “updated” versions of browsers like Google Chrome, Safari, Opera, and others. The site’s creators explained this “unprecedented generosity” as a marketing campaign: allegedly, $1,500,000 was allocated to reward the first 10,000 users who updated their browsers. Of course, no one actually received any money.

How the Scam Worked

Group-IB experts found that the scammers didn’t just copy the branding, logos, and colors of browsers—they also identified the user’s browser and tailored their offer to each visitor. The site used a special script to detect the user’s browser type and, based on this information, automatically loaded the appropriate content. It even generated a personalized “browser update certificate” with the user’s real IP address, operating system, and browser details.

For example, if a user had Google Chrome installed, all the content was customized for Chrome. In one scenario, the site told the visitor that after an “automatic update” to Google Chrome version 66, they had won $2,195 (about 135,000 rubles). However, to claim the prize, the user had to convert dollars to rubles and pay a “commission” (in this case, 162 rubles). Payment was requested through the e-pay platform, which has previously been linked to suspicious schemes.

Expansion to Fake Government Services

Analysis showed that the site was registered on April 26, 2018, and was connected to nine other identical sites (such as browserupd[.]space, successupdate[.]space, successbrowser[.]space, etc.). More interestingly, the scammers also launched a variation of the scheme that imitated government online services.

One of the most popular resources in the fraudulent network, based on traffic, was a fake online platform called “Active Citizen.” Starting April 11, 2018, the scammers created six identical fake sites for the “Regional Development” program, where visitors were promised payouts of at least 65,000 rubles for answering an interactive survey about the need for reforms in housing, education, and healthcare.

Personalized Deception and Endless Payments

Just like with the fake browser sites, the scam was personalized: the program determined the visitor’s location by IP address, and the site’s content and design changed accordingly. For example, for residents of Moscow, the survey header mentioned Moscow and the Moscow region, while for residents of Vinnytsia region in Ukraine, the site used the colors of the Ukrainian flag.

Even after answering the questions, users couldn’t receive their reward due to a supposedly inactive account: “Account activation and unlocking in the ‘Active Citizen’ system during the survey is a paid service and costs 170 rubles.” To confuse users further, the scammers referenced a fictitious “Remote Citizen Survey Regulation” No. 203 dated January 17, 2018. Payment was requested through a non-existent bank of the Eurasian Economic Union, but in reality, the money went through the same e-pay platform used in the first scheme.

Even after paying for account activation, the “active citizen” still couldn’t get their winnings—the scammers kept demanding more payments. The “price list” included:

  • Verification of payment details — 350 rubles
  • Entering survey data into the unified registry — 420 rubles
  • Information system commission — 564 rubles
  • Transfer insurance payment — 630 rubles
  • Payment registration in the management department — 710 rubles
  • Digital signature activation — 850 rubles
  • Security service transfer approval — 975 rubles
  • Digital signature registration — 1,190 rubles
  • Instant transfer service fee — 1,280 rubles
  • Encrypted communication line connection — 1,730 rubles

Scale and Sophistication of the Scam

Despite the short lifespan of these fraudulent sites (from one to two months), Group-IB experts noted the scale of the operation: the scammers had templates and content tailored for different regions of Russia, Ukraine, Belarus, and Kazakhstan. Links to the scam sites were spread through spam and advertising, with each site attracting between 4,500 and 35,000 visitors per month on average.

“A dangerous trend in recent years is the ever-increasing sophistication of fraudulent schemes. This applies to both the external features—site design, interactive elements like fake forums and survey windows—and the technological infrastructure: as soon as one resource is blocked, a new one appears; as soon as one scheme stops being profitable, the ‘packaging’ changes and a new ‘promotion’ is launched. The browser and government site schemes were especially well-developed at every stage: from convincing content and a whole network of interconnected fraudulent resources to the money withdrawal system. This allowed the scammers to reach over 300,000 visitors in less than two months,” said Yaroslav Kargalev, Deputy Head of CERT Group-IB.

Leave a Reply