Group-IB, an international cybersecurity company, and the Moscow Department of Information Technology have helped Moscow police in identifying and detaining the operators of a fraudulent online service, selling fake digital passes to the residents of Moscow and Russian regions to move around the cities during the COVID-19 lockdown. Group-IB experts have discovered a total of 126 fraudulent online resources — websites, Telegram channels and groups in social media that illegally sold fake certificates and digital passes to move around the city amid COVID-19 lockdown. Over a half of those web resources have already been blocked.
According to Group-IB’s data, the first scams to sell fake digital passes appeared in late March, when the Moscow authorities tightened self-isolation requirements and restricted travel around the capital city. A Moscow mayor decree determined three official ways to get the digital passes for free: by visiting the mos.ru website, calling +7 (495) 777-77-77 phone number or sending an SMS to 7377. However, starting on April 13, Group-IB began detecting an overwhelming growth of fraudulent services’ registration: websites, Telegram channels, and accounts on the VK (Russian social media network) and Instagram, all of which offered to buy passes granting the right to travel around the city during the quarantine at a price ranging between $38-65.
Group-IB’s cyber investigation experts have managed to identify administrators of one of the fraudulent criminal groups, offering digital passes to move around Moscow, St. Petersburg and Krasnodar in a well-known messaging app. The fraudsters, who passed themselves off as law enforcers, in a personal chat with their “clients,” pledged to help them with the issuance of passes on the public services portal Gosuslugi.ru, based on a “semi-legal” scheme, as they said. To get the fake pass, one was asked to send the passport details and, if they needed a relevant permit for their vehicle, license plate number as well. As soon as the scammers got the money, they deleted the chat with the victim and blacklisted the latter. In two weeks of their operations, the scammers have successfully carried out several such “operations,” with the cost of their service ranging between $38-45. The majority of victims were those who were freaking out about the move restrictions and did not wait for the official procedure to issue the passes to begin.
During the investigation, carried out with the help of Group-IB’s experts, the Moscow police found evidence that pointed to two Moscow and the Moscow region residents who allegedly ran the operations. Both suspects were detained on April 21 and confessed to the fraud. As a result, criminal proceedings have been initiated in accordance with the Russian Criminal Code (Article 159). During the search, the police found and seized mobile phones and notebooks.
“Amid the COVID-19 pandemic scammers actively exploit the coronavirus, self-isolation and lockdown passes themes in various phishing and vishing scams, and offer to buy fake digital passes,” says Sergey Lupanin, head of cyber investigations at Group-IB. “The danger is that by purchasing fake lockdown passes the victims can not only lose their money and payment data, but also sensitive personal information. For example, by obtaining the victim’s ID number fraudsters can apply for a loan on their behalf.”
Together with the Moscow Department of Information Technology Group-IB is investigating a number of cases involving illegal distribution of fake digital passes and other types of fraud. The obtained evidence is shared with law enforcement to stop illegal activities.
As of April 26, Group-IB’s Brand Protection team has discovered 126 fraudulent resources selling fake digital passes to move around Moscow, including 25 websites, 35 groups and accounts in social media, 66 channels on the Telegram messenger. Group-IB has blocked 78 resources so far and continues blocking and monitoring activities.
Group-IB is a Singapore-based provider of solutions aimed at detection and prevention of cyberattacks, online fraud, IP protection and high-profile cyber investigations.
Please give me your vote for European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS
(SecurityAffairs – COVID-19, hacking)