Attackers have started using the Max messenger as a legend for social engineering. Posing as platform employees, they call via regular mobile communication and ask users to register in the "national messenger" and activate a "security account." To do this, they demand to dictate the code from the SMS, which actually comes from the "Gosuslugi" portal.
The scammers claim that Max is supposedly already integrated with "Gosuslugi" to justify the receipt of government SMS. In reality, there is no such integration yet — this was previously stated by the Minister of Digital Development, Maksut Shadaev.
Max and its employees do not call users
According to Andrey Biichuk, product director of MTS Defender, these cases are still isolated, but this may be testing schemes for large-scale attacks.
Scammers exploit trust in government services and new digital infrastructure to steal data. It is important for users to remember that no official service will ask for SMS codes over the phone. Such attacks can lead to loss of access to accounts and leakage of personal data.
Read materials on the topic:
Domestic messenger Max entered the top 10 most popular applications in Google Play in Russia
Group video calls without restrictions appeared in the domestic messenger Max
Maximally secure: Max messenger received a monitoring system against cyber incidents
