Cybercriminals have started impersonating electronic diary services and Russian Ministry of Education portals with the aim of stealing accounts belonging to teachers, students, and their parents.
A network of phishing websites has been discovered, designed to trick users into logging in through the Unified System of Identification and Authentication (ESIA). Unsuspecting victims enter their credentials on a page that closely mimics the official government service login form.
Upon entering their login, password, and the six-digit SMS code, perpetrators immediately gain full access to the victim`s “Gosuslugi” (Public Services) account.
There have been reports of fraudsters calling individuals, posing as ministry employees. Under the guise of needing a “character reference” for university admission or employment, they instruct victims to visit a deceptive website to “obtain” the necessary document, thereby tricking them into logging in.
A notable surge in scammer activity was observed between August 8th and 18th, during which at least four new malicious resources were created.
Previously, common scam tactics involved fraudsters impersonating postal workers, delivery services, or financial regulators. More recently, new ploys have emerged, utilizing fake marketplace and retail brands.
