Scammers Use New Tactic to Access Gosuslugi Data

Scammers have developed a new scheme to gain access to the data of subscribers of major telecom operators. The Telegram channel True OSINT was the first to report this method.

The scheme works as follows: criminals create phishing websites disguised as official operator portals and send push notifications to subscribers, urging them to confirm their passport details via a link that leads to a fake page. This page then redirects users to a counterfeit Gosuslugi login page for additional verification, where they are asked to enter their username and password.

“Of course, the password won’t work, and users are then redirected to a page where they are asked to enter codes from SMS messages, since two-factor authentication has become mandatory there. The scammers don’t actually need your access to Gosuslugi. They simply change the password, and now they have a potential victim whom they can contact using the information left on the first page, pretending to be from Gosuslugi or the Central Bank, and convince them to transfer money to a ‘safe’ account,” True OSINT explained.

Representatives from MegaFon and MTS told RBC that they detect fraudulent resources using their own anti-phishing tools. Tele2 stated that they have not observed a significant increase in phishing-related fraud.

Other Methods of Gaining Access to Gosuslugi Accounts

Experts from R-Vision previously warned about another scheme for accessing Russians’ Gosuslugi accounts. In this scenario, scammers inform the subscriber that they need to renew their contract and send an SMS with a confirmation code for resetting the Gosuslugi password. If the person provides the code, they lose access to their personal account.