November 22, 2017
The emails sent by cybercriminals stated the following:
“Greetings. I decided to send you an email because I accidently learned about your delicate financial situation. I experienced the same kind of problems. However, I managed to overcome them by using a not-so-obvious solution. This solution’s nonobviousness is not in its complexity (on the contrary, there is nothing complex about it). It is just hard to find. I will easily share it with you and won’t hold anything back. Use it. I hope everything works out for you just as well as it did for me. You will find my solution here.
All the best to you!”
A link in the email led to a website that was supposedly the property of “The interregional social fund of development”. The cybercriminals behind the website referred to a nonexistent Decree of the Government of the Russian Federation №192n. This “development fund for the nobody-knows-what” assured website visitors that all citizens of the Russian Federation and even foreign citizens temporarily staying in the Russian Federation are supposed to receive payments; however, these organizations are cunningly withholding them from people. In order to be able to verify how much people are owed, the cybercriminals ask trusting citizens to enter their personal insurance policy number (SNILS) or their passport number into the corresponding form.
No matter what kind of data the victim fills in (it can be an arbitrary sequence of numbers), they will receive a message telling them that they have been apportioned insurance payments for quite a large sum—several hundred rubles.
However, in order to withdraw these savings, the cybercriminals demand a payment for “access to databases”; the demanded sum is not that large in contrast to the insurance payment. If a trusting website visitor pays the cybercriminals, the visitor, of course, won’t get any money.
Representatives of the Pension fund of the Russian Federation have already stated in their press release that such schemes are fraudulent. The notice of the organization states that: “The Pension fund asks you to ignore such websites and to be careful with your personal data. You should only trust the pension payment information found in your online Pension Fund website account, on the Pension Fund’s smartphone app, and on the state services website”. We would like to remind you that the Pension Fund’s website is located at pfrf.ru.
Doctor Web specialists detected several operating mirrors of “The interregional social fund of development” and more than a dozen domains registered by the authors of this fraudulent scheme. Many of these domains contain the abbreviation “snils”. It is possible that the cybercriminals plan on using the indicated addresses to trick users in future. Furthermore, on the servers containing the webpages of “The interregional social fund of development”, our virus analysts detected many other fraudulent projects—everything from sales of dubious medicines to taromancy. In particular, among these projects, “Royal Point service” was detected. It supposedly guarantees its participants a profit from selling some “Points”. There was also a website that offers visitors the chance to earn 100,000 rubles per day selling domains whose delegation terms are expiring.
“On this webpage, you will not find any scams and other nonsense”—that is what the cybercriminals state. Although their webpage is nothing but the truest of scams, a fake website, and nonsense.
One more type of fraud, which has become increasingly popular of late, is connected with the clamor around cryptocurrencies and block chain technology. Cybercriminals offer users the opportunity to “lease out their computer capacity” for cryptocurrency mining and, in doing so, earn several bitcoins in a couple of minutes. Of course, in all the above-listed cases, people can only withdraw the money they’ve “earned” after making an advance payment to the cybercriminals. After a victim makes this payment, they never receive the promised payment.
Doctor Web security researchers added all the addresses of the fraudulent Internet resources they detected to the Dr.Web Parental Control’s databases of non-recommended websites. However, once again we remind our users that they should not trust cybercriminals who promise payments on behalf of any social funds and organizations, and fantastic profits made without any effort.
Tell us what you think
You will be awarded one Dr.Webling per comment. To ask Doctor Web’s site administration about a news item, enter @admin at the beginning of your comment. If your question is for the author of one of the comments, put @ before their names.