Here are the most common methods that attackers use to hack accounts:
Password selection . Unscrupulous employees of various companies periodically sell databases that contain personal information of citizens. In this way, criminals can find out user logins on Gosuslugi — phone numbers and email addresses. After that, they can try to select a password using an automated program. Since accounts on Gosuslugi are well protected, it is extremely rare to hack them by selecting a password. But fraudsters still try.
Calls from scammers . Criminals call, introduce themselves as employees of the portal or bank, and ask to confirm information. During the conversation, the user provides personal data, and in some cases, the scammers manage to convince you to give your login, password, and code from the SMS.
Fraudulent websites . They offer authorization through an indonesia mobile database account on Gosuslugi. This way, all the data needed for hacking gets to the attackers. Usually, links that criminals send in letters and messages lead to fraudulent websites. Users are lured with contests, winnings, or asked to go to the site to confirm the data.
Fake apps . Criminals notify that the old app is no longer valid and ask to install a new one. The user installs it and enters their data. At this point, the attacker can gain remote access to the victim's phone. It will allow logging in not only to the account on Gosuslugi, but also to other applications, including banking ones.
What to do if you've been hacked
If you cannot log in to the portal using your password, it means that the scammers have changed it. Follow the instructions:
Restore access. This can be done on Gosuslugi if you have specified a phone number and email in your contacts, and you have access to at least one of these contacts. If this does not work, you can restore access online through the bank's application or in person at the service center (MFC).
Log in to your account and make sure your phone number and email address are listed in the contacts. If not, take a screenshot of the listed contacts and replace them with your own.
Protect your account. Set up an additional login method — using a code from an SMS or biometrics. You can also set a security question and enable notifications about login attempts using your login. The latter method will allow you to track attempts by fraudsters to hack your account.
Log out of all devices except the current one: this will disable scammers from your account. You can do this in the "Security" section.
Check how exactly the attackers used the account. To do this, go to your personal account, select the section "Profile" → "Security" → "Actions in the system". If the criminals provided MFIs or banks with access to your account, you will see this in the list of actions.