Why are they doing that
Fraudsters have begun to hack the accounts of Russians on the portal of state services more often, according to the company that produces systems for combating data leaks DeviceLock. In addition, the darknet recorded an increase in sales of accounts at a price of about 40 rubles for a “new” and 4-5 rubles for a “used” profile.
According to experts interviewed by Izvestia, the growing interest of fraudsters in the resource is directly related to the expansion of the range of services offered through Gosuslugi.
By hacking or buying accounts, fraudsters gain access to a huge amount of information about a person. The personal account contains the user’s passport data, SNILS, TIN, OMS and VHI, information about the car and real estate, bank cards and an electronic digital signature that allows you to dispose of property. Access to this data allows you to steal money, carry out various operations and even donate real estate.
“Today, a lot of services can be obtained without personal presence, only according to the data of documents, which is what attackers are trying to take advantage of,” says Alexei Pronin, head of the information security service of the fintech company RBK.money. – In addition, information from an account on “Gosuslugi” is just a gift for those who are engaged in social engineering.
A criminal will be able to call a person on a mobile phone, name any data – for many, this will become a convincing argument in favor of the fact that a bank employee or a police officer is talking to him, and then steal the funds.
According to experts, most often fraudsters hack or buy accounts on “State Services” to further compromise the subscriber and obtain financial benefits, or resell personal data for advertising purposes.
“Accounts are bought in large quantities, since not everyone can make a profit,” Mikhail Sergeev, a leading engineer at CorpSoft24, explains to Izvestia. – And, for example, by hacking 100 thousand accounts in automatic mode and selling them at 50 rubles apiece, fraudsters can make a profit in the region of 5 million rubles.
Hacking a verified account on “Gosuslug” is very dangerous. Having gained access to someone else’s personal account, an attacker can register a fictitious company in the name of the real owner and take several loans. There are also known cases when attackers fraudulently obtained someone else’s electronic signature, re-registered housing to another person and sold it.
“Accounts are also used for fraudulent lending in trade,” says Evgeny Sukhanov, director of the information security department at Oberon. – Often online stores allow you to get approval for a loan for a buyer with the help of identity verification through “State Services”.
Basically, fraudsters who want “easy money” are engaged in buying hacked accounts, says lawyer Venera Shaydullina. But sometimes commercial projects are also involved in this – for example, if you need to form a base by gaining access to personal data of people.
What are the consequences of a hack
The least that you can face after hacking your account is the need to visit the My Documents office to restore access, says Mikhail Kondrashin, CTO of Trend Micro in Russia and the CIS. If the attackers succeed in realizing their plans, the victim may soon discover that fines or credits have been written on her.
According to Venera Shaydullina, most often fraudsters issue microloans for a person. Having gained access to the user’s personal data, it is not difficult for them to quickly create a profile in the MFI’s online services.
– The problem is that the person will not even know about it, – says the expert. – Then there is a delay in payment, and the MFO applies for a court order, initiates enforcement proceedings. As a result, a person learns about the deception by chance: for example, he is going abroad, and he is deployed at the airport, since the bailiff has imposed a restriction on traveling abroad.
In addition, Alexey Pronin adds, using data from the personal account of “Gosuslug”, fraudsters can try to gain access to the online offices of banks, trading platforms and withdraw money from there. They can also register a SIM card for a person, open an account or issue a virtual credit card.
Rarer ways to use an account on “Gosuslug” are receiving subsidies or remote participation in justice, which also does not require a personal appearance and rechecking.
“You can initiate a fake legal dispute, in which the victim judges this or that property,” says lawyer Victoria Bessonova. – In the future, it will be difficult for her to prove her innocence to the process.
Protect your account
The Gosuslug service itself is reliably protected from hacking. However, there is always a human factor: frivolity and excessive gullibility of citizens. According to Artem Izbaenkov, head of Servicepipe, the most common way to steal accounts on Gosusluga is through phishing emails. These are messages that outwardly resemble the official notifications of the service, but came from a different, disguised address.
– The purpose of sending them is to make the user transfer their data, including authorization data. To do this, fraudsters often use notifications about the appointment of payments or subsidies, – says the source of Izvestia.
You can protect yourself from hacking your account using two-factor authorization, in which you can enter the page only by entering the code from the SMS. It is also very important to be attentive to the following links from any e-mail messages – notifications from “Gosuslugi” can only come from the address firstname.lastname@example.org.
In addition, adds Mikhail Sergeev, lead engineer at CorpSoft24, it is necessary to observe computer security techniques: do not install software from unknown sources, do not transfer access to accounts to third parties, do not go to sites that look like “Gosuslugi” – only the gosuslugi.ru domain.
– Use complex unique passwords for each site and service, monitor the security of your e-mail, to which online banks, personal accounts, social networks and other services are linked. Do not log into your account from other people’s devices, through public Wi-Fi networks, says Mikhail Pronin.
It will not be superfluous to periodically analyze the history of logins to your account, adds Sergey Belov, an expert in the field of information security. If you find logins that have not been made, you should immediately change the password.