Group-IB helps to detain operators of scam-service issuing fake passes to move around Moscow amid virus lockdown

Group-IB, an international cybersecurity company, has helped Moscow police in identifying and detaining the operators of a fraudulent online service, selling fake digital passes to the residents of Moscow and Russian regions to move around the cities during the COVID-19 lockdown. Group-IB experts have discovered a total of 126 fraudulent online resources websites, Telegram channels and groups in social media that illegally sold fake certificates and digital passes to move around the city amid lockdown. Over a half of those web resources have already been blocked.

According to Group-IB’s data, the first scams to sell fake digital passes appeared in late March, when the Moscow authorities tightened self-isolation requirements and restricted travel around the capital city. A Moscow mayor decree determined three official ways to get the digital passes for free: by visiting the mos.ru website, calling +7 (495) 777-77-77 phone number or sending an SMS to 7377. However, starting on April 13, Group-IB began detecting an overwhelming growth of fraudulent services’ registration: websites, Telegram channels, and accounts on the VK (Russian social media network) and Instagram, all of which offered to buy passes granting the right to travel around the city during the quarantine at a price ranging between $38-65.

Group-IB’s cyber investigation experts have managed to identify administrators of one of the fraudulent criminal groups, offering digital passes to move around Moscow, St. Petersburg and Krasnodar in a well-known messaging app. The fraudsters, who passed themselves off as law enforcers, in a personal chat with their “clients”, pledged to help them with the issuance of passes on the public services portal Gosuslugi.ru, based on a “semi-legal” scheme, as they said. To get the fake pass, one was asked to send the passport details and, if they needed a relevant permit for their vehicle, license plate number as well. As soon as the scammers got the money, they deleted the chat with the victim and blacklisted the latter. In two weeks of their operations, the scammers have successfully carried out several such “operations,” with the cost of their service ranging between $38-45. The majority of victims were those who were freaking out about the move restrictions and did not wait for the official procedure to issue the passes to begin.

During the investigation, carried out with the help of Group-IB’s experts, the Moscow police found evidence that pointed to two Moscow and the Moscow region residents who allegedly ran the operations. Both suspects were detained on April 21 and confessed to the fraud. As a result, criminal proceedings have been initiated in accordance with the Russian Criminal Code (Article 159). During the search, the police found and seized mobile phones and notebooks.

Amid the pandemic scammers actively exploit the coronavirus, self-isolation and lockdown passes themes in various phishing and vishing scams, and offer to buy fake digital passes. The danger is that by purchasing fake lockdown passes the victims can not only lose their money and payment data, but also sensitive personal information. For example, by obtaining the victim’s ID number fraudsters can apply for a loan on their behalf.

Sergey Lupanin

Head of Investigation Department, Group-IB

As of April 26, Group-IB’s Brand Protection team has discovered 126 fraudulent resources selling fake digital passes to move around Moscow, including 25 websites, 35 groups and accounts in social media, 66 channels on the Telegram messenger. Group-IB has blocked 78 resources so far and continues blocking and monitoring activities.

About Group-IB

Founded in 2003 and headquartered in Singapore, Group-IB is a leading creator of cybersecurity technologies to investigate, prevent, and fight digital crime. Combating cybercrime is in the company’s DNA, shaping its technological capabilities to defend businesses, citizens, and support law enforcement operations.

Group-IB’s Digital Crime Resistance Centers (DCRCs) are located in the Middle East, Europe, Central Asia, and Asia-Pacific to help critically analyze and promptly mitigate regional and country-specific threats. These mission-critical units help Group-IB strengthen its contribution to global cybercrime prevention and continually expand its threat-hunting capabilities.

Group-IB’s decentralized and autonomous operational structure helps it offer tailored, comprehensive support services with a high level of expertise. We map and mitigate adversaries’ tactics in each region, delivering customized cybersecurity solutions tailored to risk profiles and requirements of various industries, including retail, healthcare, gambling, financial services, manufacturing, crypto, and more.

The company’s global security leaders work in synergy with some of the industry’s most advanced technologies to offer detection and response capabilities that eliminate cyber disruptions agilely.

Group-IB’s Unified Risk Platform (URP) underpins its conviction to build a secure and trusted cyber environment by utilizing intelligence-driven technology and agile expertise that completely detects and defends against all nuances of digital crime. The platform proactively protects organizations’ critical infrastructure from sophisticated attacks while continuously analyzing potentially dangerous behavior all over their network.

The comprehensive suite includes the world’s most trusted Threat Intelligence, The most complete Fraud Protection, AI-powered Digital Risk Protection, Multi-layered protection with Managed Extended Detection and Response (XDR), All-infrastructure Business Email Protection, and External Attack Surface Management.

Furthermore, Group-IB’s full-cycle incident response and investigation capabilities have consistently elevated industry standards. This includes the 77,000+ hours of cybersecurity incident response completed by our sector-leading DFIR Laboratory, more than 1,400 successful investigations completed by the High-Tech Crime Investigations Department, and round-the-clock efforts of CERT-GIB.

Time and again, its solutions and services have been revered by leading advisory and analyst agencies such as Aite Novarica, Gartner®, Forrester, Frost & Sullivan, KuppingerCole Analysts AG, and more.

Being an active partner in global investigations, Group-IB collaborates with international law enforcement organizations such as INTERPOL, EUROPOL and AFRIPOL to create a safer cyberspace. Group-IB is also a member of the Europol European Cybercrime Centre’s (EC3) Advisory Group on Internet Security, which was created to foster closer cooperation between Europol and its leading non-law enforcement partners.