New phishing scheme with State Services portal: how not to fall into the trap

In February this year, specialists from the Roskatchestvo Digital Expertise Center discovered an entire fraudulent campaign targeting users of the Gosuslugi portal, of whom there are more than 126 million. The campaign uses several social engineering techniques, and different emails may arrive several times in a row to the same user.

All letters are designed the same way and imitate genuine mailings from the Gosuslugi portal: the layout, logo, font and letter structure quite realistically reproduce a message from the real service. The content of the emails, however, follows one of several classic phishing schemes. The quality of the text is quite low, and on careful reading it becomes obvious that it is a collection of poorly connected sentences. They are designed to appeal to emotions and push the reader toward the intended action: clicking the link and going to an external website, which also imitates the design of the public services portal, where the user’s personal and payment data will be stolen.

An example of phishing text from a campaign containing spelling, stylistic and logical errors:

“Hello! In the new year 2021 you will be a loyal user of our online service. To celebrate, with the support of the official division, you are given a subsidy in the form of free access to a raffle. The promotion runs from February 1, 2021 to February 28, and you’ll be able to take advantage of this offer. To participate, follow the instructions on the official site: Get Access to the Drawing G0CL0T0 Access is valid for three days. Limited number of subsidies. If you do not react after reading this offer, access can be canceled. Activate your email and go to the official website. click the “Enable” button at the top of the email or the “Don’t Spam” button to activate the link!”

Several details stand out: the absurd pretext for writing the letter, the appeal to time constraints, the non-existent G0CL0T0 lottery and even the threat of “revoking access in case of no response”. You should also pay attention to the fact that State Services is not a service, but the “official Internet portal of state services”. Other phishing texts of the same series, studied by Roskatchestvo experts, offer supposed social payments from the government; to be more convincing, they cite numbers of documents and decrees and names of government officials that are either non-existent or taken at random from the Internet.

Ilya Loevsky, Deputy Head of Roskatchestvo

“Regardless of the design of the emails and the pretext used, scammers ultimately have one goal: to get the phishing victim to follow a link to an external site and there enter their data from the State Services portal, which in itself already threatens the loss of personal data. As a rule, in addition to this, malefactors also try to “trick” their victim for money, for example, to make a “commission” payment for winning a state lottery. They will find some pretext to lure out the victim’s card data. Your task is not to be fooled by scams, and to do this you have to learn how to spot them.”

The Roskatchestvo Center for Digital Expertise reminds us:

Do not go to portals, including the State Services website and online stores, via external links from emails, even if the emails look convincing. As a rule, these links are given in abbreviated form like bit.● The user does not see where he/she is going and the website address looks like the real one. If you want to visit the portal and check the availability of the offer presented in the email, enter the website address in the address bar manually.

Read the text of your emails carefully and if you have the slightest doubt that this is a real offer, send the email to spam. As a rule, scammers use the same tired set of psychological tricks with the promise of a win or social benefits – in short, they put pressure on emotions.

Pay attention to the presence of HTTPS, check the properties of the security certificate and see how long ago it was issued: if it was issued only several days or weeks ago, there is a high probability that the site is fraudulent.

Use an antivirus. Quite often these programs warn of an attempt to go to a fraudulent site.
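The certificate-age check recommended above can be automated. The following Python sketch is an added example, not part of the original article: it reads the issue date (`notBefore`) of a site's certificate and classifies it by age. The 30-day threshold and the sample dates are assumptions chosen for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Assumption for this example: "several days or weeks" is read as 30 days.
RECENT_DAYS = 30


def fetch_cert(host, port=443, timeout=5.0):
    """Return the leaf certificate of host as the dict getpeercert() gives.

    The default context validates the chain and host name, so an invalid
    certificate raises ssl.SSLError here, which is itself a warning sign.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_age_days(cert, now=None):
    """Days elapsed since the certificate's notBefore (issue) time."""
    now = now or datetime.now(timezone.utc)
    issued_ts = ssl.cert_time_to_seconds(cert["notBefore"])
    issued = datetime.fromtimestamp(issued_ts, timezone.utc)
    return (now - issued).total_seconds() / 86400


def assess(cert, now=None, recent_days=RECENT_DAYS):
    """Classify by age: 'not-yet-valid', 'recently-issued' or 'established'."""
    age = cert_age_days(cert, now)
    if age < 0:
        return "not-yet-valid"
    if age < recent_days:
        return "recently-issued"
    return "established"


# Constructed sample in the format getpeercert() returns (not a real certificate).
SAMPLE = {"notBefore": "Feb 10 00:00:00 2021 GMT",
          "notAfter": "May 11 00:00:00 2021 GMT"}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # live check: python check_cert.py <host name>
        cert = fetch_cert(sys.argv[1])
        print(sys.argv[1], cert["notBefore"], assess(cert))
    else:  # offline demo on the constructed sample
        print(assess(SAMPLE, datetime(2021, 2, 20, tzinfo=timezone.utc)))
```

A recent issue date is only a signal: legitimate sites that renew short-lived certificates automatically will also show a young certificate, so weigh it together with the address check described above.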

There are a lot of online fraud schemes. It is impossible to learn to recognize all of them at a glance. Your only weapon against fraudulent networks is knowing the basic rules of digital literacy and applying them every time you open an email, website or seemingly simple message in a messenger. In short, you should always be careful online, especially where emotions are involved, because social engineering pays off for fraudsters.

John Techno

Comments: 1
  1. Joseph Brooks

    How can we effectively protect ourselves against the new phishing scheme targeting the State Services portal? Are there any specific warning signs or precautionary measures we should be aware of to avoid falling into this trap?
