The usefulness of modern “Gosuslug” cannot be denied – the main electronic portal of the country simplifies the filing of applications, payment of taxes and fines, tracking documents and many processes related to solving a variety of issues. But with the growth in the number of convenient functions and public services, “Gosuslugi” is at the same time increasingly becoming a target for both hackers and scammers. It is important to secure your account and especially personal data (and there is a huge abundance of them), so in this article I want to tell you about the main methods of protection and how easy it is to identify intruders.
What attackers can do with the Gosuslug account
- Making a loan / microloan. Trusted sites of credit and microfinance organizations allow you to log in using your Gosuslug account. This is completely normal, and there are advantages for both sides: it is easier for users to log in, for banks and MFIs to identify a person faster to provide a full package of services. Thus, it will not be difficult for a fraudster to take out a loan in your name, if he has access to the “Gosuslugi”. Moreover, it will be quite difficult to prove the fact of the crime later, since the real login and password were entered (that is, there was no hacking). But, fortunately, not completely impossible.
- Extensive access to personal data. For the most efficient operation of the “Gosuslug”, all existing documents of a citizen are added to the portal: passport, SNILS, compulsory medical insurance policy, TIN, driver’s license, international passport, military ID, registration information from the registry office, as well as information about children, cars, real estate and even bank details kart. In the case of some documents (for example, a passport and a foreign passport), scanned copies may be stored in the digital archive, uploaded independently or received from the MFC upon request. An email address, full address of residence and phone number are also indicated. Do you already understand the scale of the danger? If a fraudster can get to one Gosuslug account, he will literally get everything about a person, his family and possessions.
- Use of other official services. The Russian Post, the Federal Tax Service, the Pension Fund, the MFC websites, the Russian Public Initiative, regional government portals, Wi-Fi in the Moscow metro, and more than 8,000 partner information resources across the country — all of them support the Unified Identification and Authentication System (ESIA) , which means the authorization function through the “Gosuslugi”. The list of permissions for the transfer of personal data and authorized portals to third-party institutions is available directly in the profile, therefore, if a fraudster compromises your “Gosuslugi”, a single account will not do. In this context, the prevalence of ESIA plays against security.
- More plausible deception of relatives. In the wrong hands, Gosuslugi opens up space for classic fraudulent schemes, as the account helps to find out an incredible storehouse of information, from credit history to the name of the attending physician. An attacker who provides genuine arguments about a car number, SNILS, or recent payments for housing and communal services will inspire unshakable confidence in the victim. The more he knows, the more convincing it will be to deceive and influence significantly. Then the impersonation of a fraudster as a security officer of a bank, police or other body, so that he, for example, successfully swindled money from retired parents, will become almost impossible to distinguish from the real situation.
- Involvement in politics. Users of “Gosuslug” are invited to take an active part in public discussions, vote in the online primaries of parties, speak out for or against bills being developed and share their opinions on important issues. Rest assured, the attacker will also use political activity for evil purposes, depriving you of your own word.
If you encounter one of the listed types of fraud, please report to the Ministry of Internal Affairs and the Gosuslug support hotline at 8-800-100-70-10 or register an appeal through the feedback platform.
How to protect your account “Gosuslug”
The Gosuslugi portal provides several options for protecting your account at once. It is recommended that you use at least a few of them, or ideally all together. The last solution will not leave scammers any chance and you will have control over each entry, with the date and time the authorization was performed. The setup will spend quite a bit of your time, but the security is increased many times over.
Use a unique password
The key rule for absolutely any site on the Internet is to come up with a complex password. A phone, email or SNILS is accepted as a login on the State Services, and the bad part is that it is relatively easy for scammers to find them out today. Another thing is the password: let it be long, contain uppercase letters, numbers and special characters. The more random and intricate the set, the more reliable, and of course it must be unique from the rest of your frequently used sites. Forget about names, dates of birth, standard phrases and combinations. By the way, the top twenty worst passwords in recent years include 123456789, password, qwerty, 111111 and iloveyou. Obviously, it will take seconds for savvy attackers to figure them out.
Be sure to enable two-factor authentication
Two-factor authentication strengthens the dual method login process to verify that the account owner is actually trying to log in. You will need to enter not only a password, but also a six-digit code from SMS – it will be generated anew each time. Do not pass it on to anyone.
Turn on email notification on login
With the help of e-mail login notifications, you can always be on the alert and quickly stop unauthorized authorization attempts. The letter contains tips and links to instructions on what to do if you did not log in to your Gosuslug account. Also check the activity history in the profile security section – it helps to keep track of valuable details, ranging from the operating system and browser used to which IP address the attacker logged into.
Add a security question
The security question will save the account – “Gosuslugi” will request it when access is restored. You can assign any question you want, the answer should be known only to you.
Set a PIN to a working SIM card
The phone number is attached to the profile of “Gosuslug” and is a login for authorization on the portal. It also confirms the entry via SMS for double authentication. The PIN code will be an additional protection against fraudsters and will protect against possible penetration into the account if the SIM card is lost. If you suddenly discovered the loss or your phone was stolen, immediately change the number in the “State Services”.
How to determine that incoming SMS and letters are definitely from the Gosuslug portal
- The sender of the letter is “Gosuslugi”. Emails always come from the same address – [email protected]. The “Sender” line does not include departments or employee names. Just in case, it is recommended to check the server from which the letter was sent (should be mail.gosuslugi.ru). SMS messages to the phone come from the sender gosuslugi, the official short number of the portal is 0919. “Gosuslugi” never calls and does not require confidential information.
- Links lead to the original portal. The letter may offer to fill out a questionnaire or receive a service. If in doubt, copy and check the link. The site address should be gosuslugi.ru. Only in this way and without other additions in the domain name.
- You are not asked to enter personal information. They are indicated exclusively on the portal – in your personal account and when applying for a service. If you need to enter SNILS and bank card details in the letter, these are scammers, not “Gosuslugi”.
- They do not ask you for money, official payments. “Gosuslugi” does not offer to participate in the drawing and lottery. To get real support from the state, you never need to pay commissions, delivery or application processing. All offers to transfer money in exchange for the announced payouts are fraudulent. Check if there is such information on the portal or government sites.
- The letter was delivered both to the mail and to the profile. State letters on fines, compensations, judicial penalties and important news are delivered to the Gosuslug personal account. They can be viewed in the “State Post” section. If you received an email, check for updates in your profile too.
How to restore access to an account
Forgot login. If you don’t remember the phone number to which the account was linked, try other methods, for example, enter your email or SNILS. And, accordingly, vice versa.
Forgot your password. Try recovering your password online on the portal using the phone number or email associated with your account. If you do not remember them, indicate SNILS. You will be prompted to enter verification data (for example, passport number or date of birth), after which you will need to specify a password recovery method.
Follow the link from the letter in the email or enter the code from the SMS. “Gosuslugi” will offer to set a new password.
No access to phone number and email. Contact the customer service center with your passport and SNILS. This is not necessarily an MFC – you can choose any nearest service center. An employee of the center will issue a temporary password to enter the “Gosuslugi”. Or you can restore access by passing identification through an online bank (Sberbank, Tinkoff Bank, Post Bank, VTB, MTS Bank). They act as partners of the ecosystem: transferring an account to the status of a confirmed one takes only a couple of minutes.
Source: Trash Box
Donald-43Westbrook, a distinguished contributor at worldstockmarket, is celebrated for his exceptional prowess in article writing. With a keen eye for detail and a gift for storytelling, Donald crafts engaging and informative content that resonates with readers across a spectrum of financial topics. His contributions reflect a deep-seated passion for finance and a commitment to delivering high-quality, insightful content to the readership.
