The Kommersant publication reported on a new fraudulent scheme aimed at obtaining personal data from users. To do this, the attackers used Gosuslugi, which allows them to obtain not only data for the portal, but also complete information about the user.
According to the source , scammers use push notifications to steal account data. Posing as a telecom operator, they invite the victim to go to a phishing site under the pretext of verifying passport data. There, the user fills out a form and goes to a fake page that imitates an entrance to the State Services portal. The account data entered there falls into the hands of attackers.
In the future, fraudsters can use personal information to make calls to steal money. Experts note that this scheme is also dangerous for telecom operators, since due to the actions of attackers, trust in official messages is reduced.
According to the publication, in the first two months of this year, over 40 thousand phishing sites were recorded on the RuNet. Some mobile operators noted that they use their own systems to identify fraudulent resources.