Data at Your Fingertips: Why and How Scammers Hack Russians' "Gosuslugi" Accounts

There are several ways to protect yourself

The Ministry of Internal Affairs has identified two fraudulent schemes used to gain access to "Gosuslugi." However, cybersecurity experts note that there are actually many more hacking methods, and they are constantly changing. We explain how attackers gain access to personal accounts on government services, why they do it, and how to protect yourself from such attacks.

Main Schemes

In the first case, attackers often rely on a reissued phone number, usually one that the owner has not used for a long time. The number is registered to a new owner, who then changes the password on the "Gosuslugi" portal simply by entering a one-time code from an SMS. The victim is not even aware of what is happening, since access to the application is not blocked when the password is changed.

In another common scenario, fraudsters use social engineering. They call Russians, posing as employees of a telecom operator, and offer to extend the service agreement for the number. To do this, they ask the person to read out the code from an SMS. In fact, this code is what is needed to access the personal account on "Gosuslugi."

Having received the code, the attacker logs in to the "Gosuslugi" personal account, changes the password, and in the hint field for the security word writes: "Your account is blocked, call the specified number." The phone number given in this phrase belongs to the fraudsters; after a call to it, a scheme to transfer funds to a "safe account" is used.
Press service of the Ministry of Internal Affairs

Attackers who have gained access to a user account can, for example, take out microloans in the victim's name. To do this, they contact credit bureaus, request 2-NDFL certificates and register additional numbers using an enhanced unqualified electronic signature generated in the "Gosklyuch" application.

Something New

In addition to the two methods described above, there are other ways. One of them is phishing. Criminals send fake messages that look like notifications from the portal, said Marina Probets, an Internet analysis specialist and expert at Gazinformservice.

These messages contain malicious links leading to fake sites. On these sites, users enter their logins and passwords.

Another common way is to use malicious software that is installed on victims' devices and secretly steals confidential data, including login information for "Gosuslugi."
Marina Probets, Internet analyst, expert at Gazinformservice

However, according to her, attackers are constantly improving their methods, adapting to protective measures and new technologies. Thus, fake sites become almost indistinguishable from real ones, and fake SSL certificates are used to increase trust.

In addition, fraudsters are increasingly using methods to bypass anti-phishing systems. They create chains of redirects or use domains that are similar to legitimate ones, but with slight changes.
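
As an added illustration (not part of the original article, and not code from the portal or the experts quoted), the Python example below checks a link, for example one decoded from a QR code, against the portal's real domain to catch the "similar domain with slight changes" trick described above. It assumes gosuslugi.ru is the only trusted domain; the look-alike character table, the distance threshold and the sample links are constructed for the example.

```python
from urllib.parse import urlsplit

BRAND = "gosuslugi"
OFFICIAL = "gosuslugi.ru"  # portal domain; assumed here to be the only trusted one
# Constructed, deliberately small table of look-alike characters:
# Cyrillic o, c, y, a, e, p, i, s and the digits 0, 1, 3, 5.
CONFUSABLES = str.maketrans({
    "\u043e": "o", "\u0441": "c", "\u0443": "y", "\u0430": "a",
    "\u0435": "e", "\u0440": "p", "\u0456": "i", "\u0455": "s",
    "0": "o", "1": "l", "3": "e", "5": "s",
})

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(url):
    """Return 'official', 'lookalike:brand', 'lookalike:near-miss', 'unrelated' or 'invalid'."""
    try:
        host = (urlsplit(url).hostname or "").rstrip(".")
    except ValueError:
        return "invalid"
    if not host:
        return "invalid"
    if host == OFFICIAL or host.endswith("." + OFFICIAL):
        return "official"
    try:  # turn punycode labels (xn--...) back into the characters a user sees
        host = host.encode("ascii").decode("idna")
    except UnicodeError:
        pass  # already Unicode, or not valid punycode: keep as is
    labels = host.translate(CONFUSABLES).split(".")
    if any(BRAND in label for label in labels):
        return "lookalike:brand"      # brand name on a domain that is not the portal's
    if any(edit_distance(label, BRAND) <= 2 for label in labels):
        return "lookalike:near-miss"  # one or two characters off
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample links; check the address finally shown in the browser.
    for link in ("https://esia.gosuslugi.ru/login/", "http://g0suslugi.ru/",
                 "https://gosuslugi.ru.pay-check.example/bill"):
        print(classify(link), link)
```

The check only looks at the host name, so it should be applied to the address the browser ends up on, not to the first link in a redirect chain.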

Fraud involving telephone calls can also take various forms, notes Maxim Alexandrov, a specialist in software products at Code of Security.

Fraudsters can pose not only as employees of the operator, but also as employees of the portal itself. They offer additional account protection and again ask the person to name the code.

In addition, they can send an email with a document confirming payment for housing and communal services, containing a QR code that leads to a fake page of the "Gosuslugi" portal. If the user enters his credentials on this page, the attackers will gain access to his account.

This method is relatively new — the surge occurred at the end of last year, and not only with online "payment orders", but also physical ones, which criminals dropped into citizens' mailboxes.
Maxim Alexandrov, expert in software products at Code of Security

Protection

Attackers seek to gain access to "Gosuslugi", as this gives them the opportunity to seize a large amount of users' personal data. This information, including passport data, taxpayer identification number, insurance number of an individual personal account and bank details, is a valuable resource for committing various illegal actions.

Analyst Marina Probets notes that fraudsters can use this data to issue loans in other people's names, steal funds, commit real estate fraud, and also receive government benefits or privileges on behalf of other people.

Access allows fraudsters not only to obtain the data itself, but also to take actions on behalf of the victim, which simplifies the commission of the crime and makes subsequent investigation difficult. Thus, hacking or deceiving users opens up wide opportunities for fraudsters.
Marina Probets, Internet analyst, expert at Gazinformservice

Therefore, it is necessary to protect your account reliably from unauthorized access and to check regularly whether anyone else has attempted to log into your profile. To do this, open the "Security" section in the application and go to "Actions in the system."

You should also carefully monitor any changes in your personal data, such as adding new phone numbers, email addresses, or bank cards.

One of the most obvious signs of hacking is receiving notifications about actions that you did not take, such as applying for a loan, changing your password, or processing documents.

Securing your account on the "Gosuslugi" portal requires a comprehensive approach. The most effective way is to use a strong and unique password, which should consist of a long combination of letters (both uppercase and lowercase), numbers and special characters.

In addition, it is recommended to activate two-factor authentication, which provides an additional level of protection using a code received via SMS or an authenticator application.

It is also important to be vigilant when receiving suspicious messages: do not follow links from unknown sources and do not open attachments from unfamiliar senders.

The basic rule is never to give your credentials and codes to anyone. From March 1, Russians will be able to set a self-ban on taking out loans.

According to Sberbank's estimates, Internet fraudsters stole about 250–300 billion rubles from Russians in 2024. The Ministry of Internal Affairs reminded that you should not continue a phone conversation if the caller offers to withdraw money or send it to a secure account. This may be a sign of fraud. You should be very careful with any calls so as not to become a victim of fraudsters.

Earlier, Russians were told which passwords fraudsters will not be able to guess. Secure combinations should consist of 12–16 different characters or include words.

In the coming year, as in the past, fraudsters will actively use various schemes to obtain Russians' personal data. Stanislav Kuznetsov, Deputy Chairman of the Board of Sberbank, said that the most common methods will remain hacking accounts on the "Gosuslugi" portal and sending messages in messengers on behalf of managers.


Sources
IZ.RU
