MegaFon began transmitting data on identified phishing resources to Anti-Phishing

MegaFon began transmitting data on identified phishing resources to the Anti-Phishing state system. With its help, more than 122 thousand fraudulent resources were blocked in 2023. The remaining major telecom operators do not transfer data to the state system, but are developing their own anti-phishing solutions. When blocking fraudulent resources, speed is critical, experts say, so they doubt the effectiveness of the current data exchange procedure.

MegaFon has connected its platform for identifying fraudulent sites to the Anti-Phishing state system (launched by the Ministry of Digital Development in 2022 to identify sites masquerading as official resources of government agencies, companies, marketplaces and social networks), the company told Kommersant. The resource identifies suspicious sites, then the information is checked by company specialists, who transmit the list of resources to the operator of the state system – the Integral Research Institute. They are already sending a list of sites to block to Roskomnadzor, the Prosecutor General’s Office and other departments.

According to Integral data for 2023, Anti-Phishing identified more than 342 thousand phishing resources. About 7 thousand more of them were provided to Integral by Russian companies. Of all the identified fraudulent resources, information about more than 177 thousand was sent to government agencies, and 122 thousand were blocked or separated (that is, their domain names were turned off). The Ministry of Digital Development did not respond to the request.

MegaFon tells Kommersant that in January they transferred data on about 6.7 thousand suspicious resources to Anti-Phishing. “Most often, attackers disguise the login interface as an account on a social network or instant messenger: VK, Telegram or WhatsApp. In second place among the most popular phishing resources are imitations of State Services, and in third place are resources imitating the official websites of banks,” explained the company’s press service. They add that in January, the majority of phishing sites were hosted in the .ru, .shop, .com and .top zones.

VimpelCom told Kommersant that they offer clients anti-phishing solutions from Kaspersky for an additional fee. At Tele2, the model for automatically identifying phishing sites is “being tested”; they do not transmit data to the state system. MTS also does not yet transfer data to Anti-Phishing, but the company has both paid and free solutions to combat phishing. At the same time, the head of the service for monitoring external digital threats of the Solar Group (part of Rostelecom), Alexander Vurasko, clarified that when countering phishing, the company exchanges information, including with the Anti-Phishing system.

Director of the Informzashita anti-fraud center Pavel Kovalenko says that the effectiveness of the fight against phishing is negatively affected by “insufficient cooperation between government agencies, Internet providers, telecom operators and other stakeholders in exchanging information and responding to attacks.” According to him, the lack of a unified legal framework and liability mechanisms to combat phishing at the international level is also a negative factor.

Mr. Kovalenko adds that the effectiveness of the system largely depends on its efficiency. The average speed of detecting and blocking phishing sites within the framework of the Domain Patrol project in May-December 2023 was 21.5 hours from the moment of filing a complaint to blocking a malicious domain, said Evgeny Pankov, project manager of the Coordination Center for .ru/.рф domains.

A Kommersant source in the telecommunications market emphasizes that telecom operators “have no obligation to transmit information to the state system.” Another Kommersant interlocutor believes that the very procedure of transmitting data about phishing sites to Roskomnadzor is ineffective primarily because of the speed: “Such web links, as a rule, live for a very short time, about one hour. While the decision is made to block one link, by this time the scammers are already promoting another one.” Integral notes that the average time to block a phishing resource is 24 hours.

Alexey Zhabin, Tatyana Isakova