THEThe web, an environment full of opportunities, has also become, unfortunately, fertile ground for sophisticated and constantly evolving scams. IT criminals are very prepared and capable of exploiting the anonymity and speed of the online world, using increasingly ingenious techniques to steal sensitive datacompromising digital identities and subtracting money from the victims. The last threat, in order of time, is truly insidious and Take advantage of the INPS image to steal the digital identity of users.
The spid scam
From the simple e-mail camouflaged from official communication to the most insidious demine through fraudulent SMS, online scams are manifested in multiple shapes. In this scenario, The awareness and timely adoption of security measuresthey are not only recommendations, but real needs to protect yourself from a digital world in which each click can prove to be a potential invitation to the attack.
Deceptive SMS messages can deviate victims to trafficking sites by criminals (Getty)
How it works
The technique used for the spid scam It is part of the practice of “demishing”, or the sms phishing: The scammer sends an SMS that imitates an official communication, using tones that oscillate between threats and urgent notices. Some messages argue, for example, that there are irregularities in the tax return or that the user’s INPS profile must be updated to avoid the suspension of services. In any case, the common goal is that of Push the victim to click a fake link that directs it to a counterfeit websitemade to faithfully replicate the appearance of the official INPS website, With the aim of creating a false spid. In fact, the official messaging of the INPS does not contain clickable links, but always textual notices, to ensure the security of personal data and prevent phishing attempts.
The stolen data
Once redirected on the fraudulent website, The victim is invited to enter a series of highly sensitive data. Among the requested information includes:
- personal data: name, surname, address and other personal information.
- bank details: the IBAN code, a critic for any changes or deviations of payments such as salaries and pensions.
- identity documents: copies facing/retro identity card, health card or driving license.
- paychecks: copies of the last coupons, useful for completing the fraudulent profile.
- Selfies and video-field: To verify the identity, in some cases a selfie or a short video is requested in which the person moves the head, in order to obtain high visual quality files.
And the connected dangers
After clicking on the key “Confirm” or “Next”the criminals definitively acquire this data, taking advantage of them to create a false Spid and access numerous online services of the public administration. In addition, information can be used to change the IBAN and divert payments, or sold on the Dark Web, feeding further fraud.
The consequences of the SPID scam
The risks deriving from digital identity theft are manifold. In addition to the direct theft of the SPID identitythe stolen data can be used for:
- Change the bank details: The scammers could change the IBAN associated with pensions or salaries, diverting sums of money on the accounts they controlled.
- data sale: The stolen information can be exchanged on the Dark Web, exposing the victim to further scams in the future.
- Other fraud: The reconstruction of digital identity can facilitate the signing of fraudulent contracts or other illegal activities.
What to do if you fall victim to deception
If you inadvertently provide your data after clicks on the suspicious link, it is essential to act quickly:
- denouncing the postal police: go to a territorial post office of the Post Police with all the useful documentation (SMS received, documents sent, etc.) or proceed with the online report through the official website www.comissariatodips.it
- monitoring current accounts: check carefully, in the months following the scam, any anomalies or unauthorized changes on bank accounts connected to state disbursements.
- by contacting the official entities: in case of doubt it is appropriate to contact the INPS directly through the official numbers (803.164 from Fixed, 06.164.164 from mobile) or institutional social channels.
Prevention is the best defense
Stay informed, adopt cautious behavior And promptly report any suspicionit is essential to defend itself from the growing river wave. Prevention, in fact, is fundamental. But what to do not to be deceived?
- be wary of links: Remember that INPS official SMS do not contain clicked links. In case of reception of such messages, avoid clicking and always checking authenticity with official sources.
- Check the URL: If the link is followed, however, check carefully that the web address in the browser bar is the official one, or “Inps.it”. Beware of spelling errors or unusual domains that could indicate a phishing attempt.
- Do not provide online data: Avoid entering personal, banking information or identity documents on sites achieved through links received via SMS or untreated emails.
- report suspicious messages: forward the suspected messages to the Cert-Agid to the email address [email protected] Or contact the INPS contact center, thus helping to monitor and fight these scams.
I woman © RESERVED REPRODUCTION