The attackers send malicious content, hiding behind the state services

A single portal of public services on Facebook reported on the increased frequency of malicious content, referring to the portal. They are received by both users registered in the state services and all others. The link in the letter in the screenshot leads to the infected archive.

Messages come from addresses in the mail.ru, list.ru, inbox.ru, bk.ru domains. The portal made a request to Mail.ru.

The portal gave recommendations to users:

1. Do not disclose your password from the public services portal to anyone under any circumstances.
2. When entering the password from the public services portal in the browser, always check the address of the page where the password is entered. It must certainly begin with esia.gosuslugi.ru .
3. E-mail messages from the public services portal come only from the addresses noreply@gosuslugi.ru and support@gosuslugi.ru.
4. SMS messages from the public services portal come only from the sender of gosuslugi or the number 0919.
5. The public services portal does not send users any subpoenas, including demands to appear at court sessions.
6. Do not open archives and do not run executable files sent to you by unknown senders. It may contain viruses or malicious applications.