Group-IB helps to detain operators of scam-service issuing fake passes to move around Moscow amid virus lockdown

Group-IB, an international cybersecurity company, has helped Moscow police in identifying and detaining the operators of a fraudulent online service, selling fake digital passes to the residents of Moscow and Russian regions to move around the cities during the COVID-19 lockdown. Group-IB experts have discovered a total of 126 fraudulent online resources websites, Telegram channels and groups in social media that illegally sold fake certificates and digital passes to move around the city amid lockdown. Over a half of those web resources have already been blocked.

According to Group-IB’s data, the first scams to sell fake digital passes appeared in late March, when the Moscow authorities tightened self-isolation requirements and restricted travel around the capital city. A Moscow mayor decree determined three official ways to get the digital passes for free: by visiting the mos.ru website, calling +7 (495) 777-77-77 phone number or sending an SMS to 7377. However, starting on April 13, Group-IB began detecting an overwhelming growth of fraudulent services’ registration: websites, Telegram channels, and accounts on the VK (Russian social media network) and Instagram, all of which offered to buy passes granting the right to travel around the city during the quarantine at a price ranging between $38-65.

Digital passes: the dynamics of detection and blockage of new violations

Group-IB’s cyber investigation experts have managed to identify administrators of one of the fraudulent criminal groups, offering digital passes to move around Moscow, St. Petersburg and Krasnodar in a well-known messaging app. The fraudsters, who passed themselves off as law enforcers, in a personal chat with their “clients”, pledged to help them with the issuance of passes on the public services portal Gosuslugi.ru, based on a “semi-legal” scheme, as they said. To get the fake pass, one was asked to send the passport details and, if they needed a relevant permit for their vehicle, license plate number as well. As soon as the scammers got the money, they deleted the chat with the victim and blacklisted the latter. In two weeks of their operations, the scammers have successfully carried out several such “operations,” with the cost of their service ranging between $38-45. The majority of victims were those who were freaking out about the move restrictions and did not wait for the official procedure to issue the passes to begin.

During the investigation, carried out with the help of Group-IB’s experts, the Moscow police found evidence that pointed to two Moscow and the Moscow region residents who allegedly ran the operations. Both suspects were detained on April 21 and confessed to the fraud. As a result, criminal proceedings have been initiated in accordance with the Russian Criminal Code (Article 159). During the search, the police found and seized mobile phones and notebooks.

Amid the pandemic scammers actively exploit the coronavirus, self-isolation and lockdown passes themes in various phishing and vishing scams, and offer to buy fake digital passes. The danger is that by purchasing fake lockdown passes the victims can not only lose their money and payment data, but also sensitive personal information. For example, by obtaining the victim’s ID number fraudsters can apply for a loan on their behalf.

Sergey Lupanin
Sergey Lupanin

Head of Investigation Department, Group-IB

As of April 26, Group-IB’s Brand Protection team has discovered 126 fraudulent resources selling fake digital passes to move around Moscow, including 25 websites, 35 groups and accounts in social media, 66 channels on the Telegram messenger. Group-IB has blocked 78 resources so far and continues blocking and monitoring activities.

About Group-IB

Group-IB, with its headquarters in Singapore, is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigating high-tech crimes, and protecting intellectual property. The company’s Threat Intelligence and Research Centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), and Europe (Amsterdam).

Group-IB’s Unified Risk Platform is an ecosystem of solutions that understands each organization’s threat profile and tailors defenses against them in real-time from a single interface. The Unified Risk Platform provides complete coverage of the cyber response chain. Group-IB’s products and services consolidated in Group-IB’s Unified Risk Platform include Group-IB’s Threat IntelligenceManaged XDRDigital Risk ProtectionFraud ProtectionAttack Surface ManagementBusiness Email ProtectionAudit & ConsultingEducation & TrainingDigital Forensics & Incident ResponseManaged Detection & Response, and Cyber Investigations.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 19 years of hands-on experience in cybercrime investigations worldwide and more than 70,000 hours of cybersecurity incident response accumulated in our leading DFIR Laboratory, High-Tech Crime Investigations Department, and round-the-clock CERT-GIB.

Group-IB is an active partner in global investigations led by international law enforcement organizations such as Europol and INTERPOL. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to protect its clients in cyberspace every day by creating and leveraging innovative solutions and services.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.