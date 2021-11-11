Listen to the audio version of the article

Cyber ​​attacks are continuous and affect all the services or companies that provide services on the Internet, but in these hours there is a gang of cybercriminals who have targeted the users of the Italian Post Office with a refined technique that is difficult to be identified for those who are not an expert.

The attack aims to steal the credentials to connect to the site, which we recall that gives access to a whole series of services including those connected to PostePay, and is carried through an extremely credible SMS.

In fact, through a technique known as “spoofing” the criminals are able to send the message with the same identification number as the Italian Post Office service and therefore the criminal SMS will appear under the lawful ones sent by the service.

In the text of the SMS, the criminals inform users that there is a problem with their account master data and invite them to correct the data by clicking on a link. Once clicked, you arrive on a page where the problem is explained and, to force users not to delay in the operation, they are informed that their account will remain partially blocked until the error is corrected.

Going to check the site that opens, however, the security expert Alessio Sanavio discovered that the digital certificate has nothing to do with the Italian Post Office, which was only recently issued and that the address is clearly disconnected from any Poste operation

Those who enter their data on that site, then, hand them over to criminals who will try to use them to steal money or to obtain loans or other services in the victim’s name, without paying for them.This criminal operation reminds us how important one of the golden rules of personal cyber security: never click on links that arrive via messages. Rather, we go to the site of the service that we want to verify by typing the address by hand and calling customer service to ask for clarifications and confirmations.