A recent smishing campaign in Italy is exploiting the INPS name and logo to deceive victims into providing personal and financial information. The fraudulent SMS messages prompt users to update their information under the threat of account suspension, leading them to a fake website. The stolen data is used for identity theft and other fraudulent activities. Affected: INPS
Keypoints :
- Active smishing campaign targeting INPS users.
- Fraudulent SMS messages threaten account suspension.
- Victims are redirected to a fake INPS website.
- Personal data requested includes ID, health card, driver’s license, and selfies.
- Stolen data used for identity theft and fraud.
- Criminals can register a new SPID identity using stolen information.
- Recommendations include verifying message origins and reporting suspicious communications.
MITRE Techniques :
- Phishing (T1566) – Users receive fraudulent SMS messages prompting them to click a link to a fake website.
- Credential Dumping (T1003) – Attackers collect personal data such as identity cards and selfies to steal identities.
Indicator of Compromise :
- [domain] fake-inps-website.com
- [url] http://fake-inps-website.com/update-info
- Check the article for all found IoCs.
Full Research: https://cert-agid.gov.it/news/smishing-a-danno-di-inps-caccia-ai-documenti-personali-da-sfruttare-per-il-furto-di-identita/