Fraudsters tried to get personal data of CNews employees by sending a fake document to the editorial office about the initiation of a criminal case against the editorial office in connection with "another influence of foreign special services." Information security experts call this a common scheme of fraud aimed at obtaining personal data.
How fraudsters under the guise of the FSB turned to the CNews editorial office
Several employees of CNews received a document via the Telegram messenger stating that the Federal Security Service (FSB) allegedly opened a criminal case against the editorial office. The sender was a user who introduced himself as the General Director of Sinews LLC, but was not one of them. The message began with the words: "Found out ? I'm on business, just for a few words. We have an audit planned in connection with the leakage of data from employees of the organization."
The document had a handwritten and electronic signature, allegedly belonging to " the first deputy director of the FSB, General Korolev Sergei Borisovich." Also in the document was a note that it was transmitted over "encrypted channels".
The document showed that the FSB was allegedly conducting an investigation against Sinews LLC, which was caused by identifying incidents related to the leakage of personal data and suspicion of disclosing state secrets, as well as in connection with "another influence of foreign special services."
The FSB allegedly intends to identify the reasons for the leak of information from the "archive of the institution" and " study the possible interference of foreign special services on the proper persons who have access to the data archives."
According to the document, in connection with these violations, a criminal case was allegedly initiated against Sinews LLC, and a "closed investigation" is allegedly being conducted against Sinews LLC officials - they will be brought to justice under Article 275 of the Criminal Code ("High Treason"), as well as in accordance with laws no.63 ("On electronic signatures") and 5485-1 ("On State Secrets"). The letter also included a list of officials of Sinews LLC, who are allegedly being checked.
The press service of the FSB did not respond to a request from CNews on this issue at the time of publication of this material.
"Ten signs of forgery"
Mikhail Tevs, head of the IDX legal service, who studied the document at the request of CNews, found a number of signs of forgery in it. "Opening a criminal case against a legal entity is a failure, criminal cases can only be initiated against citizens," says Tevs. - In addition, there are no such concepts as" closed investigation "and"closed communication channel". An offense can only be administrative, and criminal violations are always crimes. Also, citizens are brought to justice only in accordance with the Criminal Code without applying any other laws, especially since Law No. 63 is devoted to electronic signatures."
The lawyer pointed out other, less significant blunders of fraudsters: the document contains the details of the FSB department for Moscow and the Moscow region, but it is signed by the first deputy head of the entire department (the name of the head of the Moscow department of the FSB can be easily found on the Internet); the signer, in addition to the position, also indicates his title, which is rare; handwritten and electronic signatures are redundant.
What do scammers expect
Ashot Oganesyan, founder of the DLBI shadow Internet intelligence and monitoring service, calls the incident "a widespread fraud scheme that has been gaining popularity recently." "To implement such a scheme, only the personal data of the victim and her supervisor are needed, which, as a rule, are publicly available - for example, the name and photo," the expert says.
Fraudsters target employees ' personal data, which can be used to attack both them and the company. In the first case, Oganesyan explains, victims will receive "calls from the Central Bank" with the offer to transfer money to a "secure account". In the second case, accountants and assistants will receive fake payment orders from the alleged director.
"In recent years, attackers have increasingly attempted to mimic government structures by posing as representatives of law enforcement agencies, regulators, or ministries, "says the head of Kaspersky Lab's email threat protection group. - The goal is to intimidate the recipient with consequences (criminal cases, multimillion-dollar fines, etc.), so that the victim will eventually meet the requirements specified in the message. Sometimes an attacker acts in several stages: for example, they warn you in an email about an upcoming call, and during the conversation they lure out confidential information. Such methods of social engineering are designed to cause a potential victim to panic and force her to act rashly."
How to avoid becoming a victim of scammers
The InfoWatch group of companies indicates that in the vast majority of cases such letters are "from the FSB", "from the Ministry of Internal Affairs", etc. – a common scam designed for impressionable employees.
"An experienced specialist who works with genuine requests from law enforcement agencies and departments will identify the fake immediately at the time of reading," the company believes. - Characteristic features are grammatical errors, colloquial, non-legal formulations, or, conversely, a pile of complex phrases, incorrect logos, overly bright printed seal impressions, and so on. Another indicator of the fraudulent orientation of the letter is the emphasis on encouraging the addressee to take action, high urgency, playing on emotions and feelings of responsibility."
InfoWatch added that for such letters, these departments never use e-mail as the only communication channel: such correspondence in paper form can be sent to the organization's address, by registered mail or through electronic document management systems, and duplicated via e-mail. If this email was sent only to an email address, then this is a reason to consider it fraud.
Ashot Oganesyan reminds that law enforcement officers never call in this way and do not send scans of their IDs and other documents via instant messengers. In reality, law enforcement officers send subpoenas or come by themselves, and by phone, as a maximum, invite you to their place.
As for fake messages to employees of organizations allegedly from their manager in the messenger, it is more difficult to deal with them. "Most employees fall into a stupor after receiving such a message, and try to verify the sender by contacting him through other channels," the expert says. "This can only be dealt with by using corporate security policies, for example, prohibiting business communications everywhere except in corporate messengers."
How fraudsters under the guise of the FSB turned to the CNews editorial office
Several employees of CNews received a document via the Telegram messenger stating that the Federal Security Service (FSB) allegedly opened a criminal case against the editorial office. The sender was a user who introduced himself as the General Director of Sinews LLC, but was not one of them. The message began with the words: "Found out ? I'm on business, just for a few words. We have an audit planned in connection with the leakage of data from employees of the organization."
The document had a handwritten and electronic signature, allegedly belonging to " the first deputy director of the FSB, General Korolev Sergei Borisovich." Also in the document was a note that it was transmitted over "encrypted channels".
The document showed that the FSB was allegedly conducting an investigation against Sinews LLC, which was caused by identifying incidents related to the leakage of personal data and suspicion of disclosing state secrets, as well as in connection with "another influence of foreign special services."
The FSB allegedly intends to identify the reasons for the leak of information from the "archive of the institution" and " study the possible interference of foreign special services on the proper persons who have access to the data archives."
According to the document, in connection with these violations, a criminal case was allegedly initiated against Sinews LLC, and a "closed investigation" is allegedly being conducted against Sinews LLC officials - they will be brought to justice under Article 275 of the Criminal Code ("High Treason"), as well as in accordance with laws no.63 ("On electronic signatures") and 5485-1 ("On State Secrets"). The letter also included a list of officials of Sinews LLC, who are allegedly being checked.
The press service of the FSB did not respond to a request from CNews on this issue at the time of publication of this material.
"Ten signs of forgery"
Mikhail Tevs, head of the IDX legal service, who studied the document at the request of CNews, found a number of signs of forgery in it. "Opening a criminal case against a legal entity is a failure, criminal cases can only be initiated against citizens," says Tevs. - In addition, there are no such concepts as" closed investigation "and"closed communication channel". An offense can only be administrative, and criminal violations are always crimes. Also, citizens are brought to justice only in accordance with the Criminal Code without applying any other laws, especially since Law No. 63 is devoted to electronic signatures."
The lawyer pointed out other, less significant blunders of fraudsters: the document contains the details of the FSB department for Moscow and the Moscow region, but it is signed by the first deputy head of the entire department (the name of the head of the Moscow department of the FSB can be easily found on the Internet); the signer, in addition to the position, also indicates his title, which is rare; handwritten and electronic signatures are redundant.
What do scammers expect
Ashot Oganesyan, founder of the DLBI shadow Internet intelligence and monitoring service, calls the incident "a widespread fraud scheme that has been gaining popularity recently." "To implement such a scheme, only the personal data of the victim and her supervisor are needed, which, as a rule, are publicly available - for example, the name and photo," the expert says.
Fraudsters target employees ' personal data, which can be used to attack both them and the company. In the first case, Oganesyan explains, victims will receive "calls from the Central Bank" with the offer to transfer money to a "secure account". In the second case, accountants and assistants will receive fake payment orders from the alleged director.
"In recent years, attackers have increasingly attempted to mimic government structures by posing as representatives of law enforcement agencies, regulators, or ministries, "says the head of Kaspersky Lab's email threat protection group. - The goal is to intimidate the recipient with consequences (criminal cases, multimillion-dollar fines, etc.), so that the victim will eventually meet the requirements specified in the message. Sometimes an attacker acts in several stages: for example, they warn you in an email about an upcoming call, and during the conversation they lure out confidential information. Such methods of social engineering are designed to cause a potential victim to panic and force her to act rashly."
How to avoid becoming a victim of scammers
The InfoWatch group of companies indicates that in the vast majority of cases such letters are "from the FSB", "from the Ministry of Internal Affairs", etc. – a common scam designed for impressionable employees.
"An experienced specialist who works with genuine requests from law enforcement agencies and departments will identify the fake immediately at the time of reading," the company believes. - Characteristic features are grammatical errors, colloquial, non-legal formulations, or, conversely, a pile of complex phrases, incorrect logos, overly bright printed seal impressions, and so on. Another indicator of the fraudulent orientation of the letter is the emphasis on encouraging the addressee to take action, high urgency, playing on emotions and feelings of responsibility."
InfoWatch added that for such letters, these departments never use e-mail as the only communication channel: such correspondence in paper form can be sent to the organization's address, by registered mail or through electronic document management systems, and duplicated via e-mail. If this email was sent only to an email address, then this is a reason to consider it fraud.
Ashot Oganesyan reminds that law enforcement officers never call in this way and do not send scans of their IDs and other documents via instant messengers. In reality, law enforcement officers send subpoenas or come by themselves, and by phone, as a maximum, invite you to their place.
As for fake messages to employees of organizations allegedly from their manager in the messenger, it is more difficult to deal with them. "Most employees fall into a stupor after receiving such a message, and try to verify the sender by contacting him through other channels," the expert says. "This can only be dealt with by using corporate security policies, for example, prohibiting business communications everywhere except in corporate messengers."
