A phishing campaign is currently active, exploiting the logo and name of the Ministry of Health to deceive victims into providing personal and financial data. The campaign involves fraudulent emails leading users to a fake page where they are asked for sensitive information under the pretense of receiving a reimbursement.
Affected: Ministry of Health
Key points:
- Active phishing campaign using the Ministry of Health’s branding.
- Fraudulent emails prompt users to click on links for a fake reimbursement.
- Victims are asked for personal data including name, address, phone number, and credit card details.
- Cybercriminals request credit card information twice to minimize errors and capture data from multiple cards.
- CERT-AGID is taking action against the campaign and has shared IoCs with accredited organizations.
- Users are advised to verify the source of messages and report suspicious communications.
MITRE Techniques:
- Phishing (T1566) – Cybercriminals send fraudulent emails that appear legitimate to collect sensitive information from victims.
Indicators of Compromise:
- [email] malware@cert-agid.gov.it
- [url] http://fake-reimbursement-page.com
- [domain] ministryofhealth.fake.com
- [file name] phishing_email_template.html
- [others ioc] Recent domain registration on Namecheap.
- Check the article for all found IoCs.
Full Research: https://cert-agid.gov.it/news/false-comunicazioni-del-ministero-della-salute-sfruttate-per-phishing-finanziario/