Cybercriminals are actively distributing fraudulent emails disguised as official notifications from the “Gosuslugi” (Russian Public Services) portal. Daniil Borislavsky, Product Director of Staffcop Information Security at Kontur.Egida, reported this development. According to Borislavsky, these emails falsely inform users about an alleged login to their account from an unusual or suspicious location, such as Mariupol. The fake messages include seemingly credible technical details, such as the date, time, IP address, and browser type, making them appear very similar to genuine notifications from the service.
Borislavsky emphasized that these fraudulent emails typically include a “support” phone number at the bottom. If a user calls this number, the perpetrators follow a standard script: they request personal data, “verify” identity, and then ask for a verification code from an SMS message. This sophisticated method allows them to gain unauthorized access to the victim`s account on the government portal.
The expert highlighted an important detail regarding these mass mailings: they often arrive at email addresses not directly linked to the “Gosuslugi” account, and may even contain incorrect surnames. This indicates a widespread, indiscriminate attack designed to induce panic and prompt users to act impulsively. “This is a well-crafted psychological trap: the more stress an individual experiences, the higher the chance they will comply with the fraudsters` demands,” Borislavsky explained.
He further clarified that this combination of fake emails and subsequent phone calls constitutes a hybrid phishing attack. It is crucial to understand that if you receive such messages, you should under no circumstances call the numbers provided within them. “We strongly advise users to ignore such emails, block the sender, mark them as spam, and absolutely avoid calling any listed phone numbers. All actions related to verifying account logins or any other activity should be performed exclusively through the official `Gosuslugi` website,” Borislavsky concluded.
