Why you urgently need to protect your account on "Gosuslugi" from scammers and how to do it

No matter how much the Gosuslugi portal is scolded, it must be admitted that its development makes many bureaucratic processes easier and faster. With it, you can apply to various government agencies, pay fines, file declarations, and so on.

In order for all this to work correctly, a lot of personal information, including document data, is stored at the State Services. And also a verified account - in fact, simple electronic signature. That is, knowing the login and password, you can sign some papers on your behalf. Banking services work on the same principle. It is enough to verify your identity once. And then you can simply press the buttons in the application and open deposits or receive loans.

Do you feel? All this points to the possibility of fraud. What attackers are happy to use. Therefore, it is important to take care of the security of your account.

How scammers can use your account on "Gosuslugi"

Take out a loan or microloan

Now some credit or microfinance organizations allow you to log in to their websites using your Gosuslug accounts. There is nothing criminal in this, it is even convenient. For a bank or MFI, this simplifies identity verification. And you can be sure at least that the organization exists legally and it has a license. This company should confirmLogin to the site through "Gosuslugi" / "Gosuslugi"to establish an entrance through the "Gosuslugi".

However, problems begin if the login and password fall into the hands of scammers. They can not only log in to the website of a bank or MFI, but also take loan in your name. Moreover, it will not be easy to prove the fact of a crime: your login and password are entered. But, fortunately, it's not impossible.

Set up a one-day company

scammers useDo not let scammers register companies / FTS on you fly-by-night companies to launder money or evade taxes, engage in illegal activities, and so on. And this can be done without the participation of the victim. And access to the Gosuslug account will greatly simplify the process. These documents are available, and even an application for business registration can be submitted, you only need to issue a qualified electronic signature.

Responsible for the machinations of the company will then have to its "owner".

It is more effective to deceive you and your loved ones

The more a scammer knows, the easier it is for him to convince you that he is really calling from bank security, or the police, or another institution. With the help of an account on Gosuslugakh, it is easy to find out a lot of information that will help to deceive - from a credit history to the name of the attending physician. The same data can be used to, for example, extort money from pensioners - parents victims.

Get involved in politics

The “Gosuslug” account allows you to vote, take part in the primaries of parties, speak out for or against bills, and in other ways express your opinion on important issues. But someone can do it for you if they know your username and password.

What to do to secure your account on "Gosuslugi"

You can talk as much as you like about data leaks, the poor quality of portal protection, and so on. But it will be just talk. We will deal with the practical side of the issue. Here's what each of us should do to make the profile a little more secure.

Change your password to complex

Login on "Gosuslugakh" - phone number or SNILS. That is, it is quite easy for attackers to recognize it. Therefore, you should not simplify the task for scammers by using something obvious as a password. QWERTY, year of birth, six units - all this is a bad choice.

Let the password be long enough, using capital letters and numbers. Moreover, the more random the character set, the better: Volodya1987 is not much more reliable than QWERTY.

It's also important that password was unique. If you use it on a crossword site, and an online casino, and on a fishing forum, you can be almost sure that it is already known not only to you.

To change your password, go to in profile at public services.

Set up two-factor authentication

In this case, to access your account, you will need to enter not only a password, but also a code from SMS, which will be generated anew and come to you every time you try to log in.

You can also set up two-factor authentication in your profile in the "Safety». Check that you entered the correct phone number and move the slider.

Take care of your data

Password leaks are often associated with the work of hackers. But everything is much easier. It is possible to lure the victim out of her data faster than hacking and picking up something. Therefore, there are important rules that everyone knows about, but not everyone observes.

Do not share your password and codes from SMS with anyone

Ideally, when only you know it. But it happens that a person cannot do everything himself and asks someone to help him - children, grandchildren. In this case, it is worth stopping at one person, the one you trust the most. Not because everyone around is bad and they should be suspected of something. It's just that the more people who know your passwords, the less secure that information is.

And you definitely don’t need to give the code if someone calls and introduces himself as a Gosuslug employee, a police major, and so on. This scammers.

Same with SMS codes. Knowing these numbers, an attacker can replace the phone number in the account, and all notifications will be sent to him. So, under no circumstances should this be done.

Enter the password from "Gosuslug" only on sites that you are sure of

Fraudsters use various tricks to force you to enter your Gosuslug login and password on their sites. After that, they receive this data at their disposal.

To prevent this from happening, carefully check what is indicated in the address bar. The address of Gosuslugi is gosuslugi.ru. Not g0suslugi, not gosus1ugi. It is important. Carefully follow the links from the mail, which allegedly lead you to the websites of government departments and offer you to log in through your account from Gosuslug.

Check which sites are linked to your account

When you log in to third-party sites through the "Gosuslugi", the site requests access to certain data from the portal. All information about this is stored in your account. Periodically it is worth checking the list of sites associated with it. This will help, firstly, to detect that someone has already reached your office. Secondly, to prohibit access to your data to those sites that you no longer need.

The list is available in the "Permissions" section in the "Consent and powers of attorney" tab.

Check which devices are associated with the account

The list is available in the profile in the "Security" section. If you find someone else's device there, log out of the session and change the password. It will also be good check credit historyto make sure the scammers didn't take out a loan on you.

Here, in the next tab, you can see all your (in the worst case, not only your) actions in the system.

It is worth checking the list of devices and sessions periodically. The sooner you know that your data has been leaked, the sooner you can react.