Threat Research

Ongoing INPS Smishing Campaign Exploits Telegram Bots to Steal Personal Data

Italy-Cert-agid

Summary :

A smishing campaign impersonating INPS has been reported, tricking victims into providing personal and financial data through fraudulent communications. #Smishing #CyberSecurity #DataProtection

Keypoints :

  • A smishing campaign using the INPS logo and name is actively targeting users.
  • Victims are lured to a fake website to provide sensitive personal and financial information.
  • Collected data is sent to a Telegram bot used by attackers for Command & Control.
  • Users are advised to verify the source of messages and report suspicious communications.

MITRE Techniques :

  • Phishing (T1566): Uses fraudulent messages to trick victims into revealing personal information.
  • Command and Control (T1071): Utilizes a Telegram bot for automating and centralizing data collection.

Indicator of Compromise :

  • [email] malware@cert-agid.gov.it

11/12/2024

CERT-AGID has received a report from a user of the social network X regarding an active smishing campaign using the logo and name of INPS to induce victims to provide personal and financial data.

Through fraudulent but seemingly official communications, users are invited to follow a link to verify or update their information in order to receive a supposed payment of €280.

Stolen personal data

Once the link is clicked, victims are directed to a fake web page that replicates the style of the official INPS portal. Here, they are asked to enter:

  • first and last name;
  • tax code;
  • city;
  • phone number;
  • credit card information;
  • IBAN.

The collected data is sent directly to a Telegram bot, used by the attackers as Command & Control to automate and centralize the collection of stolen information.

Recommendations

CERT-AGID recommends that users remain highly vigilant regarding suspicious messages and adopt the following precautions:

  1. Carefully verify the source of messages: be cautious of communications that require entering personal data through links.
  2. Ensure you are on the official platform of the entity, carefully verifying the URL in the browser and ensuring it includes the official domain of the organization.
  3. Report suspicious messages: forward doubtful communications to CERT-AGID at the address malware@cert-agid.gov.it

Indicators of Compromise

The IoCs related to this campaign have already been shared with organizations accredited to the IoC feed of CERT-AGID.

Link: Download IoC

Full Research: https://cert-agid.gov.it/news/campagna-di-smishing-inps-in-corso-sfrutta-bot-telegram-per-rubare-dati-personali/

Tags: EMAIL, BROWSER, COLLECTION, FINANCIAL, PHISHING

Check this following Post also