Fraudsters have started using the Max messenger to deceive users, according to MTS's cybersecurity report. According to Andrey Biichuk, director of the "Defender" service, isolated cases have been recorded, but they indicate the testing of new schemes that may be applied on a massive scale.
As the "Code Durov" portal found out, attackers pose as Max employees and try to gain access to personal data under the guise of connecting additional security measures. Calls are made via mobile communication, not through the messenger. The subscriber is informed about the need to register in the "national messenger" and activate the "security account". To do this, they are asked to dictate the code from the SMS, which actually comes from "Gosuslugi".
Fraudsters claim that Max is a government service and is connected to other digital platforms, including "Gosuslugi". This is how they explain why a code from state systems is required to activate the messenger's functions.
One of these calls was also received by the editors of "Code Durov". The caller used a standard scenario — he announced the launch of a new state messenger and insisted on the urgent activation of a "security account".
The Max press service emphasized that messenger employees do not call users.
Read more materials on the topic:
National messenger Max will exit beta in the fall of 2025
Max messenger received permission from the FSB to connect to "Gosuslugi"