The Ministry of Digital Development, Telecommunications and Mass Media of the Russian Federation (Mintsifry of Russia) commented on cases of fraud with QR codes on the State Services portal, and also gave instructions on how to protect yourself from fraudsters.
Posing as employees of the Gosuslugi portal over the phone, the scammers offer to link a QR code to the user’s page and gain access to the personal account of citizens. The attackers can then, for example, use the victim’s data obtained from the portal to apply for loans. The Ministry of Digital Development clarifies that a QR code appears in a verified account automatically when the regulator transmits information about vaccination or a previous disease.
What to do if you received a call and were offered to link a QR code to a page on the State Services:
- Hang up and don’t give any details.
- Do not send SMS with codes, do not change the password with the help of the caller
- Report a call to the Ministry of Internal Affairs and the hotline for supporting the State Services Portal at the number: 8 800 100 70 10 or through the feedback platform
The Ministry of Digital Resources reminds that employees of the State Services portal never call without a citizen’s request and do not ask for his data, including phone number, SNILS, passport data or any other information. Fraudsters initiate a password recovery to a user account over the phone. They enter the victim’s phone number, after which they call the user and ask him to dictate the code received in the SMS. This allows you to generate a new password, and the user loses access to his account.
The State Services Support Service has already developed enhanced protection for user accounts:
- Before sending an SMS to the user to change the password, the portal requests a code (“captcha”), and after that additional information: SNILS, TIN, passport series and number. This information is requested by the system, not by the employee
- The message contains a reminder that the code should not be shared with anyone.
- You can also specify a secret word. It is requested before entering the code from the SMS