The personal account was hacked at 18:28. The phone number and email were changed at 18:29. The first application to confirm a loan went out at 18:30: it took the scammers just two minutes to completely take over Ivan Tsybin’s account on the State Services (Gosuslugi) portal. Through the site, unknown people took out microloans in his name in Nizhny Novgorod and Novosibirsk.
“I received a strange SMS on my phone saying that my phone number is now in no way tied to my personal account at the State Services. I was surprised, I tried to log in to my personal account, and it didn’t work,” says Ivan.
Ivan was able to restore access to his profile only at the MFC. Luckily, in that time the scammers managed to steal only 20 thousand.
Ekaterina Nesterenko received a call from a woman who, posing as an employee of the Gosuslugi security department, reported strange activity in Ekaterina’s personal account.
“She says, don’t worry. We will block your account now. I am sending you a request from the State Services, you will tell me the code and we will block it,” the victim says. Ekaterina realized that she had been deceived only when something went wrong with her bank accounts.
“We tried to take out a loan. Well, it’s good, I just rang it all in time, stopped it, blocked it,” said Ekaterina.
The new scheme of the season is calls from people posing as MFC employees. Over the phone, the attackers ask for one-time codes from SMS, allegedly in order to link an electronic vaccination certificate to the personal profile. They then replace the login credentials, and the passport number, SNILS, TIN and electronic signature end up in the criminals’ hands.
“There are cases when small businesses were leased cars. This is getting a false identity, when a person really has a dubious reputation, pays money, they get your credentials for accessing your ‘Government Services’, and then you find out that you went through an expensive treatment,” explained Mikhail Kondrashin, a technical cybersecurity expert.
There is no one hundred percent protection against fraud, but it is possible to make life harder for scammers. The first barrier protecting your data is your password: the more complex it is, the less likely it is to be cracked.
“There are basic attacks, for example, brute force – password guessing and brute force. There is a price of hacking, there is a price of attack. If for object A it will be a million dollars, and for object B – it will be fifty kopecks, then, of course, it will be hacked object B,” said Sergey Sherstobitov, an information security expert.
The Gosuslugi support service also recommends setting up two-factor authentication. To add this protection, find “Account Settings” in your personal account and, in the “Security” section, enable two-step verification. Once it is activated, nobody can log in to the system without a one-time password sent to the phone number specified by the user.
Another useful option is to protect the profile against password changes. “There is a control question that you can ask yourself: mother’s maiden name, the street of my childhood, my favorite toy. Which will also serve as an additional factor in my authorization,” recalled Oleg Kachanov, Deputy Minister of Digital Development, Communications and Mass Media.
The main thing is that the answer to the security question should not be easy to find on social networks. Topping the list of worst choices are the names of relatives, dates of birth and the names of pets.