Cybercriminals have developed a new sophisticated scam scheme, primarily targeting Russian students and their families. These fraudsters create deceptive websites that mimic legitimate electronic diary services and official portals of the Russian Ministry of Education and Science. Their main objective is to steal login credentials belonging to teachers, students, schoolchildren, and their parents.
Cybersecurity specialists have identified a network of phishing sites that mandate authorization through the Unified Identification and Authentication System (ESIA). Unsuspecting users are prompted to enter their credentials—username, password, and a one-time SMS code—on a page that meticulously replicates the official authorization form for state services. Once this information is submitted, the attackers immediately gain full access to the user`s account on the «Gosuslugi» (State Services) portal.
There have also been instances where criminals contacted potential victims by phone, posing as ministry officials. They would falsely claim that, due to a «new law,» a special «character reference» was required, which supposedly would impact a child`s university admission or future employment. Using this pretext, parents or students were persuaded to visit a fraudulent website, log in, and «obtain» the alleged document.
A significant surge in these fraudulent activities was observed between August 8th and 18th, during which at least four new phishing resources were discovered.
Previously, common guises for scammers included employees of postal services, delivery companies, and financial regulators. More recently, new tactics have emerged, involving the creation of fake brands of marketplaces and major retail chains.
