Fraudsters are reportedly calling prospective students, posing as university or college representatives, and using various pretexts to extract personal data and hack into their `Gosuslugi` (public services portal) accounts. How can applicants avoid falling victim to these schemes while awaiting admission?
During the university admissions season, fraudsters have intensified their calls to applicants. Their tactics vary, but all aim at prospective students anxiously awaiting the coveted `you`re accepted, bring your original documents` message. Some scammers call, pretending to be from a university, and promise `high chances` of securing a state-funded place, according to the Ministry of Internal Affairs. They then send a phishing link leading to a fake `Gosuslugi` portal. Clicking it results in the loss of your account. If you refuse, they might threaten that the applicant `won`t be admitted anywhere at all`.
Another incident was reported by a Business FM listener. Her daughter received a call purportedly from the Moscow State University (MSU) admissions committee, asking her to register on the Ministry of Education and Science portal where entrance exam results would be posted. The unsuspecting girl provided the SMS verification code to the fraudsters. The outcome was typical: her `Gosuslugi` account was hacked, and her data compromised.
The first step, if someone has already fallen victim to such a scam, is to block their account, either independently or with the help of a Multifunctional Centre (MFC). It`s also advisable to file a police report and officially record the theft of your personal account, making it easier to contest any actions taken by the fraudsters in court later. They have many options, as explained by Alexey Gorelkin, an information security expert and CEO of Phishman:
“First, they might take out microloans. Second, if you own property, they might attempt to carry out certain transactions with it. Generally, this is just one phase of an attack aimed at acquiring money or enriching their data with additional information to further develop their scheme. For example, they could obtain information about relatives, then reach out to parents through the child, using details they`ve uncovered. This won`t lead to direct or immediate losses. Instead, criminals maximize their databases to, say, return in a month with a more prepared attack targeting specific individuals.”
“You`re not the first, nor the last, in the chain of phone scammers, so the faster you react, the better,” advises Evgeny Tsarev, managing director of RTM Group and an expert in information security and IT law:
“If only a few hours have passed between the hack and your discovery of it, then most likely nothing significant will happen. At the very least, large sums won`t be quickly obtained because the portal is aware of fraudulent activity, and after authentication data changes, it won`t be possible to get a microloan for some time. So, there`s time to react. However, if a user provided an SMS code and forgot about it for a month, then more serious consequences are possible. But usually, they still try to profit in some way. They need scale for their operations.”
After successfully regaining access to your Gosuslugi account, it`s essential to check the operation history to see what the attackers attempted and whether they succeeded. A loan application will appear in your personal account, allowing you to address it with the specific bank. Another way to check if a microloan has been issued is to submit a request to the credit history bureau. As a protective measure, you can set a self-imposed ban on loans. Over 12 million people have used this feature in the four months since its introduction.
Rupert Blackwood 
Clement Ashworth