27 April 2020

Group-IB helps to detain operators of scam-service issuing fake passes to move around Moscow amid virus lockdown

Group-IB, an international cybersecurity company, has helped Moscow police in identifying and detaining the operators of a fraudulent online service, selling fake digital passes to the residents of Moscow and Russian regions to move around the cities during the COVID-19 lockdown. Group-IB experts have discovered a total of 126 fraudulent online resources — websites, Telegram channels and groups in social media that illegally sold fake certificates and digital passes to move around the city amid lockdown. Over a half of those web resources have already been blocked.

According to Group-IB’s data, the first scams to sell fake digital passes appeared in late March, when the Moscow authorities tightened self-isolation requirements and restricted travel around the capital city. A Moscow mayor decree determined three official ways to get the digital passes for free: by visiting the mos.ru website, calling +7 (495) 777-77-77 phone number or sending an SMS to 7377. However, starting on April 13, Group-IB began detecting an overwhelming growth of fraudulent services’ registration: websites, Telegram channels, and accounts on the VK (Russian social media network) and Instagram, all of which offered to buy passes granting the right to travel around the city during the quarantine at a price ranging between $38-65.

Digital passes: the dynamics of detection and blockage of new violations

Group-IB’s cyber investigation experts have managed to identify administrators of one of the fraudulent criminal groups, offering digital passes to move around Moscow, St. Petersburg and Krasnodar in a well-known messaging app. The fraudsters, who passed themselves off as law enforcers, in a personal chat with their “clients”, pledged to help them with the issuance of passes on the public services portal Gosuslugi.ru, based on a “semi-legal” scheme, as they said. To get the fake pass, one was asked to send the passport details and, if they needed a relevant permit for their vehicle, license plate number as well. As soon as the scammers got the money, they deleted the chat with the victim and blacklisted the latter. In two weeks of their operations, the scammers have successfully carried out several such “operations,” with the cost of their service ranging between $38-45. The majority of victims were those who were freaking out about the move restrictions and did not wait for the official procedure to issue the passes to begin.

During the investigation, carried out with the help of Group-IB’s experts, the Moscow police found evidence that pointed to two Moscow and the Moscow region residents who allegedly ran the operations. Both suspects were detained on April 21 and confessed to the fraud. As a result, criminal proceedings have been initiated in accordance with the Russian Criminal Code (Article 159). During the search, the police found and seized mobile phones and notebooks.

Amid the pandemic scammers actively exploit the coronavirus, self-isolation and lockdown passes themes in various phishing and vishing scams, and offer to buy fake digital passes. The danger is that by purchasing fake lockdown passes the victims can not only lose their money and payment data, but also sensitive personal information. For example, by obtaining the victim’s ID number fraudsters can apply for a loan on their behalf.

Sergey Lupanin

Sergey Lupanin

Head of Investigation Department, Group-IB

As of April 26, Group-IB’s Brand Protection team has discovered 126 fraudulent resources selling fake digital passes to move around Moscow, including 25 websites, 35 groups and accounts in social media, 66 channels on the Telegram messenger. Group-IB has blocked 78 resources so far and continues blocking and monitoring activities.

Group-IB is one of the leading providers of solutions aimed at detection and prevention of cyberattacks, online fraud, and IP protection. Group-IB Threat Intelligence & Attribution system was named one of the best in class by Gartner, Forrester, and IDC.

Group-IB’s technological leadership is built on the company’s 17 years of experience in cybercrime investigations worldwide and 65,000 hours of incident response accumulated in our leading forensic laboratory and 24/7 CERT-GIB.

Group-IB is a partner of INTERPOL, Europol, and a cybersecurity solutions provider, recommended by SWIFT and OSCE. Group-IB is a member of the World Economic Forum.

Report an incident

24/7 Incident Response Assistance +65 3159-4398

Thank you for the inquiry! We will contact you soon.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Report an incident