Smishing on INPS: How to Act in Case of Data Theft

This article discusses the rise in smishing scams impersonating the Italian National Institute of Social Security (INPS), aimed at stealing personal information. It outlines the methodology used by scammers, potential consequences for victims, and preventive measures to stay safe.

Affected: INPS, personal data security, online users

Key points:

  • The CERT-AGID has reported a surge in scams exploiting the INPS name.
  • Smishing is a type of phishing using SMS messages to deceive victims.
  • Scams often use threats or urgency to prompt victims to act quickly.
  • Victims are directed to fraudulent websites mimicking INPS to collect sensitive data.
  • Stolen data can lead to identity theft, modified banking details, or further fraud.
  • Victims should report incidents to the police and monitor their bank accounts.
  • It’s crucial to verify the authenticity of messages claiming to be from INPS.
  • Maintain vigilance and report suspicious messages to help combat scams.

MITRE Techniques:

  • Phishing (T1566): Scammers send deceptive SMS messages claiming to be from INPS to trick victims into revealing personal information.
  • Credential Dumping (T1003): Stolen credentials obtained through smishing may allow attackers to access various services under a victim’s name.
  • Account Manipulation (T1070): Victims’ banking information can be altered to reroute payments to the attackers’ accounts.

Indicators of Compromise:

  • [SMS/Text Message] SMS impersonating INPS offering benefits or warnings about alleged irregularities.
  • [Fake Website] URLs leading to phishing sites designed to look like the official INPS site (e.g., mimicking www.inps.it).
  • [Email Address] Communication from unusual or unofficial email addresses purportedly from INPS.
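
To make the fake-website indicator checkable, the following Python code is an added example (not part of the CERT-AGID advisory or of any INPS tooling) that pulls links out of an SMS body and flags hosts that only imitate the official site. It assumes the official registrable domain is inps.it, derived from the www.inps.it named above; every sample message and .example host is constructed.

```python
import re
from urllib.parse import urlsplit

# Assumption: official registrable domain, derived from www.inps.it on this page.
OFFICIAL_DOMAIN = "inps.it"
BRAND = "inps"
# Digits commonly swapped for letters in imitation host names (0->o, 1->i, 3->e, 5->s).
DIGIT_SWAPS = str.maketrans("0135", "oies")
# Matches links with or without a scheme, since SMS links are often bare hosts.
URL_RE = re.compile(r"(?:https?://)?[\w.@:-]+\.[a-z]{2,}\S*", re.I)


def classify_url(url):
    """Return 'official-domain', 'lookalike' or 'unrelated' for one link."""
    parts = urlsplit(url if "://" in url else "http://" + url)
    host = (parts.hostname or "").rstrip(".")
    # Text before '@' is userinfo, not the host: www.inps.it@other.example
    # goes to other.example. A legitimate SMS link has no reason to carry it.
    if "@" in parts.netloc:
        return "lookalike"
    # Only the exact domain or a true subdomain counts as official.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official-domain"
    # Brand name inside another domain (inps-x.example, www.inps.it.x.example),
    # including digit-for-letter variants such as 1nps.
    if BRAND in host.translate(DIGIT_SWAPS):
        return "lookalike"
    return "unrelated"


def classify_sms(text):
    """Extract every link-like token from an SMS body and classify it."""
    urls = [m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(text)]
    return [(u, classify_url(u)) for u in urls]


if __name__ == "__main__":
    # Constructed sample messages for illustration only.
    samples = [
        "INPS: update your data at https://inps-rimborsi.example/verifica.",
        "INPS notice, see www.inps.it.servizi.example/area",
        "Log in at https://www.inps.it@pagamenti.example/login",
        "Official portal: https://www.inps.it/",
    ]
    for sms in samples:
        print(classify_sms(sms))
```

An 'official-domain' verdict only describes where the link points; it does not authenticate the sender of the message.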


Full Story: https://cert-agid.gov.it/news/smishing-a-tema-inps-come-comportarsi-in-caso-di-furto-dei-dati/