Experts at Angara Security have recorded an increase in fraudulent schemes in Telegram related to housing and communal services payments. Attackers disguise their bots as official services of management companies and use news about regions transitioning to a unified electronic payment document (EPD) to extract users' personal data and money.
Initially, the project for digitizing payment documents, implemented through "Gosuslugi" and regional portals, was conceived as a way to make utility payments more convenient and reliable. However, fraudsters quickly adapted to the new conditions.
According to Angara Security, back in August, they began distributing phishing Telegram bots promising "everything for managing the house" — from submitting meter readings to receiving applications to the dispatch service.
Victims receive personal messages on behalf of management companies with a request to "clarify data", or mailings allegedly from chairmen of homeowners associations and housing cooperatives. Sometimes, fraudsters launch discussions in local chats, where, on behalf of "ordinary residents", they advise a "convenient bot for payment". As a result, the person is asked to follow the link, indicate the address, phone number, and enter the confirmation code. This data immediately goes to the attackers.
Experts emphasize that real management companies and homeowners associations do not send mass messages in messengers and never request personal data or codes from SMS.
Read more materials on the topic:
- The rules for holding meetings of property owners have changed: voting is now only through the GIS Housing and Communal Services
- Notifications of debts for housing and communal services will come through "Gosuslugi": the experiment will begin on July 1
- Scammers deceive Russians using a scheme with fictitious debts for housing and communal services