A sophisticated new scam is targeting individuals applying for Schengen visas. Fraudsters, posing as embassy representatives, contact applicants who have submitted documents to visa centers, claiming to need to verify details. They then instruct victims to confirm their data using an `electronic signature` by providing a code received via SMS. After a series of such actions, the criminals begin extorting money from their victims. The critical question remains: how are these fraudsters obtaining applicants` personal information?
This emerging fraud scheme, which poses a significant threat to Schengen visa applicants, was reported by RIA Novosti, citing information from SafeTech. The criminals initiate contact by impersonating embassy officials, phoning individuals who have visited visa centers to submit documents. They claim to be clarifying certain application details. The fraudsters then insist that applicants must `confirm` their data using an electronic signature, which involves providing a code sent via SMS. Alarmingly, these verification codes might originate from any website, even from a supermarket chain, blurring the lines of legitimacy.
Following this initial contact, victims reportedly receive messages from a mobile number, ostensibly from `Gosuslugi` (the Russian public services portal), informing them that their account data has been uploaded to their email and that a power of attorney is being processed. The message often includes a deceptive instruction: if these actions are not theirs, they should call a provided number. Once the victim calls, the fraudsters exploit their panic, demanding money and falsely claiming that the victim`s actions are linked to terrorist financing. Discussing how applicant data might fall into the hands of these criminals, Yuri Pevzner, an expert in visa and migration issues, suggests that such fraud is often connected to unscrupulous visa centers or organizations that, instead of securing visas, effectively process rejections. He notes that agreements between applicants and these agencies often stipulate that a certain sum is withheld if the consulate denies the visa. If an organization entrusted with document preparation fails to fulfill its duties in good faith, this opens the door for such fraudulent schemes. Pevzner also highlighted frequent instances where applicants received rejections through certain visa centers, and upon reviewing their documents, it became clear that the applications were poorly prepared.
Fedor Muzalevsky, Technical Department Director at RTM Group and an expert in information security and computer forensics, points out that data leaks aren`t solely attributable to unethical visa centers. He states that numerous points of vulnerability exist for data breaches, including passport and visa services, tour operators, and potentially even individuals within embassies. However, Muzalevsky believes the leak source is likely closer to the individual, such as a tour operator or an intermediary in the document submission process. He suggests these are more often instances of carelessness in data storage — for example, improperly configured Google Sheets permissions — rather than deliberate leaks. While intentional leaks cannot be entirely ruled out, he strongly suspects negligence. Muzalevsky emphasizes that embassy staff would never use personal online accounts or SMS confirmations, as their information systems are internal and not linked to applicants` mobile numbers. Therefore, when submitting documents, applicants should be aware that while it`s acceptable to discuss matters by phone or consult with the intermediary, they should never take immediate action over the phone.
Regarding damage mitigation if such a scam occurs, Muzalevsky advises immediately blocking any accounts linked to the SMS codes that were shared. He likens this visa scam to `plastic windows for burglars in the 90s` — a sign of someone with money to steal. The ultimate goal of these scams is financial, meaning data related to online banking, Gosuslugi, or other personal accounts could be compromised. If information has been shared for any account, the priority is to block that account first, then address other issues.
Beyond these extortion schemes, other types of visa-related fraud exist. Criminals frequently create counterfeit websites that mimic official foreign consulate portals or fake visa center sites. These deceptive sites lure unsuspecting applicants with promises of expedited document processing and guaranteed results for an additional fee, ultimately defrauding them.
