Cybercriminals are increasingly distributing sophisticated fraudulent emails that skillfully mimic official communications from Gosuslugi (Public Services), the key Russian government portal. These deceptive messages falsely alert recipients about suspicious logins to their accounts from unknown locations, as revealed by Daniil Borislavsky, Product Director for Information Security at Staffcop `Kontur.Egida`, in an interview with RIA Novosti.
Borislavsky highlighted a significant surge in user reports concerning these phishing emails, noting their striking resemblance to legitimate Gosuslugi notifications. “They claim there`s been an account login from a suspicious geographical location, for instance, Mariupol,” he explained. “The emails provide technical specifics such as the date, time, IP address, and browser used. The overall presentation is remarkably convincing, making it appear as a genuine alert from the portal.”
A common tactic in these fraudulent emails is to provide a `support` phone number, urging recipients to call immediately for assistance. If a user contacts this number, the perpetrators employ a well-established social engineering scheme: they request a one-time verification code sent via SMS to the user`s phone. Gaining access to this crucial code allows the scammers to effectively compromise and take control of the victim`s Gosuslugi account.
Borislavsky emphasized that these phishing attempts are meticulously designed to induce panic in users, prompting them to react impulsively without careful consideration. He strongly advised against calling any phone numbers provided in such suspicious messages. Instead, he recommended marking these emails as spam to prevent further deceptive communications.
This incident follows a prior warning issued earlier in July by `Kod Durova,` which reported a similar scam where fraudsters were impersonating employees of `Max,` a new domestic messenger service, as a means to steal Russian citizens` Gosuslugi accounts.
