how to get a password and apply for multimillion-dollar microloans: Cybercrime: Internet and media: Lenta.ru

Fraudsters issued microloans to Russians by hacking into their accounts on the Gosuslugi portal. As analysts from the information security company FAS.S.T., who investigated a number of similar cases that occurred back in 2020-2021, told Lenta.ru, cybercriminals earned several million rubles every day in this way.

It is noted that the size of one individual loan could reach 30 thousand rubles. At the same time, fraudsters artificially increased the amounts that microfinance organizations (MFOs) and microcredit companies (MCCs) approved for them. To do this, they took out one small loan, paid it off, and then took out the next, larger one. Now, several years later, conducted with the participation of FAC.C.T. analysts. the investigation helped identify several people involved in the scheme.

Fraudsters bought access to Russian accounts on the darknet

Cybercriminals did not hack Russians’ accounts on Gosuslugi on their own, preferring to use the services of professionals specializing in this. You could buy access in trading topics on darknet sites or in thematic Telegram channels and bots. As of 2021, the cost of one hacked account varied from 25 to 100 rubles apiece.

“In most cases, sellers of such data used password brute force methods (also known as brute force, from the English brute force – brute force – approx. “Lenta.ru”)to access your accounts. The people for whom the scammers issued loans did not even suspect it,” said the company FAC.C.T.

The microloans themselves were transferred to the bank cards of dummies—the so-called drops. As a rule, they are students or low-income people who, for a small fee, open bank accounts for themselves and then transfer them to criminals. However, as the researchers note, in some cases scammers did not hesitate to use the bank cards of their friends and acquaintances.

Over the years the scheme has become more sophisticated

The popularity of this scheme among scammers reached its peak by April-May 2022. But then additional security measures were taken – Gosuslugi began to require users to enable two-factor authentication.

In this regard, attacks on Russians continue to this day. For example, in one of the more complicated schemes, scammers first send the victim a message about blocking “State Services”, after which they write that access can be restored by providing a confirmation code that is sent to his device. In other scenarios, Russians are asked to download a malicious application from a link, confirm the delivery of a non-existent package, renew a SIM card, or clarify information about pension savings.

According to Lenta.ru, even despite the difficulties created by cybercriminals, access to accounts on State Services can still be purchased on the darknet. However, their cost is already much higher than four years ago – from 7 to 20 dollars (from 750 to 2100 rubles).

“To avoid becoming a victim of attackers, it is necessary to maintain digital hygiene, configure available security tools, and not disclose security codes even to very convincing interlocutors,” FAC.C.T. analysts urged.

They added that Russians should regularly check information about microloans issued to them on specialized websites. Speaking about the technical side of the issue, in FAC.C.T. They recommended enabling two-factor authentication in all services and setting a complex password for State Services, which is not used anywhere else. Of course, you don’t need to tell anyone your logins, passwords, or login or transaction confirmation codes. The final recommendation is to regularly update all applications as new versions are released.