Date: 2021-11-12

Online scams are commonplace, especially for those companies that provide services on the internet.

In recent hours, however, a gang of so-called cybercriminals has targeted many users of the Italian Post Office, succeeding thanks to a very particular technique carried out by sending a simple SMS.

Let’s see in detail what they came up with this time.

Spoofing

The attack aims to steal the credentials users need to log in to the Italian Post Office site, which gives access to a whole series of services, including those connected to Poste Pay cards. It is carried out through an extremely credible and convincing SMS that appears to come from PosteInfo.

Using the so-called spoofing technique, criminals are able to send the SMS with the same sender identifier as the Italian Post Office, so the message appears in the same thread as the legitimate ones sent by the Post Office service.






In the text of the message, the criminals inform users that there is a problem with the personal data on their accounts and invite them to correct it by clicking on the link. Clicking the SMS link leads to a page where the issue is explained. To pressure users not to delay the requested operation, the page tells them that the account will remain blocked until the error is corrected.

By checking the web page that opens, thanks to the security expert Alessio Sanavio, we discovered that its digital certificate has nothing to do with the Italian Post Office. So anyone who falls into the trap will be updating something that does not concern the Italian Post Office.
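The check described above, that the link's host and the names in the site's certificate belong to the institution, can be automated; this is an added example, not code from the article or from the Post Office. It assumes a placeholder official domain `poste.example`, hypothetical function names, and a constructed certificate dictionary in the shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
# Added example: constructed data and hypothetical names, not from the article.
from urllib.parse import urlsplit

# Placeholder for the institution's real registered domain(s).
OFFICIAL_DOMAINS = {"poste.example"}

def under_official(name, official=OFFICIAL_DOMAINS):
    """True if a DNS name equals, or is a subdomain of, an official domain."""
    name = name.lower().rstrip(".")
    if name.startswith("*."):          # wildcard certificate entry
        name = name[2:]
    return any(name == d or name.endswith("." + d) for d in official)

def cert_dns_names(cert):
    """DNS names from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not names:                      # legacy certificates: subject commonName
        for rdn in cert.get("subject", ()):
            names += [v for k, v in rdn if k == "commonName"]
    return names

def assess_link(url, cert, official=OFFICIAL_DOMAINS):
    """Reasons not to trust the link; an empty list means nothing was flagged."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme != "https":
        reasons.append("link is not https")
    if not under_official(host, official):
        reasons.append(f"host {host!r} is not under an official domain")
    names = cert_dns_names(cert)
    if not any(under_official(n, official) for n in names):
        reasons.append(f"certificate names {names} do not belong to the institution")
    return reasons

# Constructed samples: a lookalike link that leads with the brand name, and a genuine one.
PHISH_URL = "https://poste.example.account-verify.example/login"
PHISH_CERT = {"subject": ((("commonName", "account-verify.example"),),),
              "subjectAltName": (("DNS", "*.account-verify.example"),)}
GOOD_URL = "https://login.poste.example/"
GOOD_CERT = {"subjectAltName": (("DNS", "*.poste.example"), ("DNS", "poste.example"))}

if __name__ == "__main__":
    for url, cert in ((PHISH_URL, PHISH_CERT), (GOOD_URL, GOOD_CERT)):
        print(url, "->", assess_link(url, cert) or "consistent with the institution")
```

A valid padlock alone proves nothing here: the lookalike site can hold a perfectly valid certificate for its own domain, which is why the names are compared with the institution's domain.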

By entering data on this site, the victim hands it over to these criminals, who use it to steal money or to obtain loans or other services in the victim's name.

In case of a scam, call the bank

When receiving these types of messages, good practice is to immediately call the bank or the competent institution, in our case the Italian Post Office.

Should we ever be contacted by telephone, it is useful to ascertain who the caller is: many criminals, to inspire trust in their victims, tend to resort to this type of practice, especially if the caller's number is similar to that of the institution. The criminal will then use some excuse to be given a code that arrives via SMS.

This code, which is usually passed off as a way for the caller to verify the identity of the unfortunate user, is in reality an authorization code issued by the institution following an operation attempted by the criminal: not being able to continue the operation, the criminal tries to obtain the credentials from the victim himself.

What financial advisor Luca Lixi says

Luca Lixi, financial advisor and founder of wikileaks personal finance, interviewed by askanews, believes that one of the best methods is financial literacy: the main tool would be to gain awareness.

Specifically, Lixi believes that promoted scams share some common factors:

promotion of a guaranteed result, gain or return effortlessly;

when the promises are too high;

when the speech of the risk.

In addition to the factors for recognizing scams, Luca Lixi recommends investing heavily in one's own financial education, especially in Italy, a country characterized by widespread ignorance on the subject.

In summary: we must stay away from those who promise easy earnings without operational risks and/or effort. Furthermore, the most useful thing is to try to invest in one's skills, especially those of a financial nature.