27 April 2020

Group-IB helps to detain operators of scam-service issuing fake passes to move around Moscow amid virus lockdown

Group-IB, an international cybersecurity company, has helped Moscow police in identifying and detaining the operators of a fraudulent online service, selling fake digital passes to the residents of Moscow and Russian regions to move around the cities during the COVID-19 lockdown. Group-IB experts have discovered a total of 126 fraudulent online resources — websites, Telegram channels and groups in social media that illegally sold fake certificates and digital passes to move around the city amid lockdown. Over a half of those web resources have already been blocked.

According to Group-IB’s data, the first scams to sell fake digital passes appeared in late March, when the Moscow authorities tightened self-isolation requirements and restricted travel around the capital city. A Moscow mayor decree determined three official ways to get the digital passes for free: by visiting the mos.ru website, calling +7 (495) 777-77-77 phone number or sending an SMS to 7377. However, starting on April 13, Group-IB began detecting an overwhelming growth of fraudulent services’ registration: websites, Telegram channels, and accounts on the VK (Russian social media network) and Instagram, all of which offered to buy passes granting the right to travel around the city during the quarantine at a price ranging between $38-65.

Digital passes: the dynamics of detection and blockage of new violations

Group-IB’s cyber investigation experts have managed to identify administrators of one of the fraudulent criminal groups, offering digital passes to move around Moscow, St. Petersburg and Krasnodar in a well-known messaging app. The fraudsters, who passed themselves off as law enforcers, in a personal chat with their “clients”, pledged to help them with the issuance of passes on the public services portal Gosuslugi.ru, based on a “semi-legal” scheme, as they said. To get the fake pass, one was asked to send the passport details and, if they needed a relevant permit for their vehicle, license plate number as well. As soon as the scammers got the money, they deleted the chat with the victim and blacklisted the latter. In two weeks of their operations, the scammers have successfully carried out several such “operations,” with the cost of their service ranging between $38-45. The majority of victims were those who were freaking out about the move restrictions and did not wait for the official procedure to issue the passes to begin.

During the investigation, carried out with the help of Group-IB’s experts, the Moscow police found evidence that pointed to two Moscow and the Moscow region residents who allegedly ran the operations. Both suspects were detained on April 21 and confessed to the fraud. As a result, criminal proceedings have been initiated in accordance with the Russian Criminal Code (Article 159). During the search, the police found and seized mobile phones and notebooks.

Amid the pandemic scammers actively exploit the coronavirus, self-isolation and lockdown passes themes in various phishing and vishing scams, and offer to buy fake digital passes. The danger is that by purchasing fake lockdown passes the victims can not only lose their money and payment data, but also sensitive personal information. For example, by obtaining the victim’s ID number fraudsters can apply for a loan on their behalf.

Sergey Lupanin

Sergey Lupanin

Head of Investigation Department, Group-IB

As of April 26, Group-IB’s Brand Protection team has discovered 126 fraudulent resources selling fake digital passes to move around Moscow, including 25 websites, 35 groups and accounts in social media, 66 channels on the Telegram messenger. Group-IB has blocked 78 resources so far and continues blocking and monitoring activities.

Group-IB is one of the leading providers of solutions dedicated to detecting and preventing cyberattacks, identifying online fraud, investigation of high-tech crimes and intellectual property protection, headquartered in Singapore. The company’s threat intelligence and research centers are located in the Middle East (Dubai), the Asia-Pacific (Singapore), Europe (Amsterdam), and Russia (Moscow).

Group-IB’s Threat Intelligence & Attribution system has been named one of the best in class by Gartner, Forrester, and IDC. Group-IB’s Threat Hunting Framework (earlier known as TDS) intended for the proactive search and the protection against complex and previously unknown cyberthreats has been recognized as one of the leaders in Network Detection and Response by the leading European analyst agency KuppingerCole Analysts AG, while Group-IB itself has been recognized as a Product Leader and Innovation Leader. Gartner identified Group-IB as a Representative Vendor in Online Fraud Detection for its Fraud Hunting Platform. In addition, Group-IB was granted Frost & Sullivan’s Innovation Excellence award for its Digital Risk Protection (DRP), an Al-driven platform for identifying and mitigating digital risks and counteracting brand impersonation attacks with the company’s patented technologies at its core.

Group-IB’s technological leadership and R&D capabilities are built on the company’s 18 years of hands-on experience in cybercrime investigations worldwide and 70,000 hours of cybersecurity incident response accumulated in our leading forensic laboratory, high-tech crime investigations department, and round-the-clock CERT-GIB. Group-IB is a partner of Europol.

Group-IB’s experience in threat hunting and cyber intelligence has been fused into an ecosystem of highly sophisticated software and hardware solutions designed to monitor, identify, and prevent cyberattacks. Group-IB’s mission is to fight high-tech crime while protecting our clients in cyberspace and helping them achieve their goals. To do so, we analyze cyber threats, develop our infrastructure to monitor them, respond to incidents, investigate complex high-tech crimes, and design unique technologies, solutions, and services to counteract adversaries.

Report an incident

Get 24/7 incident response assistance from our global team

APAC: +65 3159-3798
Europe: +31 20 226-90-90
EMA: +971 4 508 1605

Thank you for filling out the form! We will get back to you shortly.

We use cookies on the website to make your browser experience more personal, convenient and secure. You may block or manage the use of cookies, however, in some cases they’re essential to make this site work properly. Learn more about cookies in Group-IB Privacy And Cookies Policy.

Report an incident