The introduction of digital passports in Russia could trigger a new wave of fraud attacks on the Internet; The purpose of these attacks will be to steal Russians’ accounts from State Services. Igor Bederov, head of the information and analytical research department of T.Hunter, told socialbites.ca.
A digital passport is an electronic identity document that can be used instead of a paper document in some cases. The digital passport will be allocated to the citizen’s account in the State Services and can be reproduced on the smartphone screen from the portal’s website or application. On September 18, Russian President Vladimir Putin signed a decree requiring the government to prepare within three months a list of cases in which a digital passport can be considered equivalent to a paper passport.
Igor Bederov believes that the introduction of the digital passport will first of all trigger the sending of emails, as well as messages in social networks and instant messengers, and will motivate Russians to go to malicious sites that imitate the Gosuslug interface. Attackers will capture portal logins and passwords, as well as one-time two-factor authorization codes.
“Motivation formulations can be completely different. For example, the text of a letter with a link to a phishing site may contain an appeal for the urgent need to obtain a digital passport. Another obvious example is the call to log in to Gosuslugi to find out in which cases electronic ID works,” said Bederov.
According to the expert, stolen accounts can be used for different purposes. For example, some credit organizations allow you to issue microloans using State Services, and accounts on the portal are often sold on the dark web.
“The stolen account can be used during electronic voting. “I assume that on the eve of the presidential elections in the Russian Federation in the spring of 2024, there will be major attempts to hack the State Services of Russians,” Bederov added.
Previous Russian buyers of iPhone 15 warned About new fake sites in RuNet.