He also said that there are many quick and easy solutions that can be taken to improve security.
Posted: Mon Jan 20, 2025 9:35 am
aksut Shadayev spoke about this at the St. Petersburg International Economic Forum at the IT breakfast "Innovative Economy: from numbers to data, from technological sovereignty to technological leadership."
"Using an account on "Gosuslugi", you can apply for a loan on the website of a microfinance organization - we understood why this happens. Through the "account" from "Gosuslugi", you can submit all the documents to receive a loan, but indicate the details of another person's bank card. And then the money is transferred directly to the dropper, a fictitious person, in the application. I discussed this with the head of the Central Bank Elvira Nabiullina, we will close this option - only the person who applied will be able to receive a loan," said Maksut Shadayev.
The number of fraud cases uganda whatsapp resource continues to grow. According to the Central Bank, in the first quarter of 2024, attackers stole more than 1 billion rubles through similar schemes with dropper cards. A year earlier, the damage was almost half as much: more than 550 million rubles. A representative of the press service of the integrator and provider of information security services Angara Security told ComNews that schemes with the theft of educational data from "Gosuslugi" are one of the most common tactics along with phishing attacks.
Telegram channel abloud62 analyst Alexey Boyko called this "a serious vulnerability that should not exist" and linked it to rapid digitalization.
"Such vulnerabilities arise constantly: people lose money and nerves, although the initial goal was to simplify actions that previously required fuss, going somewhere, filling out a lot of paperwork. Now much of this can be done in a few clicks, but sometimes you have to pay dearly for convenience, since life is simplified not only for consumers of services, but also for fraudsters," said Alexey Boyko.
He believes that the reason for the high level of fraud is that vulnerabilities are not carefully checked before launching a product or service.
A representative of the Angara Security press service told about one of the schemes for hijacking a "Gosuslugi" account. The attackers exploit a scheme with the websites of "communication operators" where you can supposedly extend your phone number for several years or make it permanent. After users enter their data, the attackers ask them to confirm it through "Gosuslugi".
"Another important aspect of the problem is the persistent requests of a number of large banks and telecom operators to synchronize data in personal accounts with data on "Gosuslugi". On the one hand, organizations are trying to provide a seamless customer experience, on the other hand, the risk is growing that if an account is hijacked, fraudsters will issue loans in the client's name," said a representative of the Angara Security press service.
To combat fraud, it is important to install two-factor authentication and improve cyber literacy, says a representative of the integrator.
"Using an account on "Gosuslugi", you can apply for a loan on the website of a microfinance organization - we understood why this happens. Through the "account" from "Gosuslugi", you can submit all the documents to receive a loan, but indicate the details of another person's bank card. And then the money is transferred directly to the dropper, a fictitious person, in the application. I discussed this with the head of the Central Bank Elvira Nabiullina, we will close this option - only the person who applied will be able to receive a loan," said Maksut Shadayev.
The number of fraud cases uganda whatsapp resource continues to grow. According to the Central Bank, in the first quarter of 2024, attackers stole more than 1 billion rubles through similar schemes with dropper cards. A year earlier, the damage was almost half as much: more than 550 million rubles. A representative of the press service of the integrator and provider of information security services Angara Security told ComNews that schemes with the theft of educational data from "Gosuslugi" are one of the most common tactics along with phishing attacks.
Telegram channel abloud62 analyst Alexey Boyko called this "a serious vulnerability that should not exist" and linked it to rapid digitalization.
"Such vulnerabilities arise constantly: people lose money and nerves, although the initial goal was to simplify actions that previously required fuss, going somewhere, filling out a lot of paperwork. Now much of this can be done in a few clicks, but sometimes you have to pay dearly for convenience, since life is simplified not only for consumers of services, but also for fraudsters," said Alexey Boyko.
He believes that the reason for the high level of fraud is that vulnerabilities are not carefully checked before launching a product or service.
A representative of the Angara Security press service told about one of the schemes for hijacking a "Gosuslugi" account. The attackers exploit a scheme with the websites of "communication operators" where you can supposedly extend your phone number for several years or make it permanent. After users enter their data, the attackers ask them to confirm it through "Gosuslugi".
"Another important aspect of the problem is the persistent requests of a number of large banks and telecom operators to synchronize data in personal accounts with data on "Gosuslugi". On the one hand, organizations are trying to provide a seamless customer experience, on the other hand, the risk is growing that if an account is hijacked, fraudsters will issue loans in the client's name," said a representative of the Angara Security press service.
To combat fraud, it is important to install two-factor authentication and improve cyber literacy, says a representative of the integrator.