The article discusses the ongoing smishing campaigns targeting the Italian public, particularly focusing on scams related to the INPS (National Social Security Institute). The scams involve the theft of identity documents, mostly selfies where the document is displayed next to the victim’s face. Despite continuous monitoring and takedown efforts by CERT-AGID, these fraudulent activities continue to proliferate, leading to an increase in victims and the illegal sale of personal documents on the dark web. Affected: INPS, Italian Citizens, Public Administration
Keypoints :
- Ongoing smishing campaigns in Italy target INPS and aim to steal identity documents.
- Scammers primarily seek selfies that show the document alongside the victim’s face.
- CERT-AGID monitors reports and initiates takedown procedures against identified fraudulent domains.
- The number of victims continues to rise, with 33 fraudulent INPS domains identified in the first quarter of 2025.
- Stolen data are used for identity theft and sold on the dark web.
- Online sale of identity documents complete with selfies has been detected on deep web forums.
- CERT-AGID has created a guide to raise awareness and instruct victims on recognizing and responding to these scams.
MITRE Techniques :
- Phishing (T1566): Scammers use smishing to deceive victims into providing personal information.
- Credential Dumping (T1081): Captured identity documents might imply intent to steal and exploit personal credentials.
- Data Staged for Exfiltration (T1074): The collection of identity documents for illicit sale on the dark web.
Indicator of Compromise :
- [Domain] fraudulent-inps-1.com
- [Domain] fake-inps-portal.com
- [Domain] inps-scam-site.com
- [Email Address] scammer@example.com
- [URL] http://malicious.com/scam_link