It had been a while since we informed you about a phishing attack that it exploited INPS as a bait. Now, the National Institute of Social Security is back in the crosshairs, used by savvy cybercriminals looking for victims to steal personal data and money from their checking accounts.
In practice it is a new one e-mail which alerts the recipient user about an alleged request of the same INPS could not have accepted due to the lack of specific documentation. With this excuse, cybercriminals, posing as the official body, invite the poor victim to provide the missing data by accessing the archive attachment in the mail.
Let’s find out all the details of this new one together fraudvery dangerous, which hides a terrible malware capable of stealing all personal information and access credentials on the victim’s device.
A new scam email uses INPS as a decoy
Once again INPS was forced to alert all Italian citizens about a new one email scam who uses his good name as a bait. In a statement issued via Twitter and containing a PDF with the details, the National Institute of Social Security best described this dangerous attack:
False emails are circulating online, sent from an email address apparently attributable to the Institute and bearing the signature of an INPS Director. The email informs the taxpayer that his request has not been accepted due to lack of documentation and is invited to “read the exhaustive documentation concerning his request and the provision, both present in the attached archive and downloadable in this e- mail “.
Obviously, the attached file, recognizable because in the format .zipcontains a dangerous malware which, once opened, infects the victim’s device. In fact, this terrible virus installs itself in the system used by the user causing a lot of damage. First of all, the theft or elimination of personal data and, consequently, the theft of confidential information such as login credentials, personal passwords and, ultimately, the money deposited on the online current account.
Some tips to avoid falling victim to these cybercriminal attacks
Let’s look at some now advice useful so that no one can fall victim to these scams whether they are phishing or vehicles for the spread of dangerous malware e banking trojanslike the recent malicious app on the Android Google Play Store:
- INPS never sends communications of this type via email, even if they contain the logo or signature of the Institute’s staff;
- never open attachments contained in these emails, especially if they are .zip files;
- periodically check the page dedicated to the communications of new scams present on the official website of INPS.
