Expired health card scam: how dangerous it is and how to defend yourself from the phishing campaign


Credit: Ministry of Health.

A new and sophisticated phishing campaign is targeting Italian citizens, improperly exploiting the names and logos of the Health Card System and of the Ministry of Health to steal sensitive data by staging an alleged expiration of the health card. The alarm was raised by the security experts of CERT-AGID, according to whom the campaign is based on the massive sending of deceptive emails that warn the recipient of an alleged «imminent expiry» of the document, inviting potential victims to click on a link to start a renewal process, which is obviously false. Anyone who falls into the trap is redirected to a fraudulent portal, identified by the domain latesserasanitaria.com, specially designed to collect a wide range of personal information, from personal details to telephone and email contacts. This operation exposes the user to serious risks, including identity theft and the subsequent trading of the stolen information on the digital black market. In this article we explain in more detail how the expired health card scam works and how to defend yourself.

How the expired health card scam works

Let’s now analyze in detail the mechanism of the expired health card scam to understand its real risks and dynamics. It all begins with the receipt of an email message that faithfully replicates the logos and institutional communication style of the Ministry of Health, with the aim of generating a strong sense of urgency in the recipient. The text leverages the bureaucratic fear of being left uncovered by the health service, presenting a button in plain sight with the words “Renew your card now”. It is at this precise moment that the trap is triggered: by clicking on the link, the user is not directed to the secure servers of the Public Administration, but rather lands on a bait page that requires the manual entry of name, surname, date of birth, residential address and contact details.

The scam web page that invites you to enter your personal data.

This data, once in the possession of the criminals, obviously does not serve to renew any document, but is accumulated in databases to be used in illicit activities, such as cloning documents or reselling them to third parties for further targeted fraud.

How to protect yourself from the expired health card scam

To defend yourself from the expired tax code scam, we must first learn to recognize such deception attempts. When an email generates fear, a sense of urgency and other similar feelings, you need to stop and think clearly. In the specific case of this phishing attempt, doing so makes it easy to realize the true nature of the communication by remembering some important information: the document in question has a standard duration of six years and it is not necessary to start any renewal procedure. Upon its natural expiry, the Revenue Agency automatically sends the new document to the citizen’s residence address. In case of non-delivery, a request will need to be sent from this Revenue Agency page. For all these reasons, therefore, do not click on any links should you receive the false communication discussed in this article.
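For anyone who filters mail on behalf of others, the same reasoning can be turned into a check: a message that uses health card branding and urgent wording but links outside official hosts deserves quarantine. The following is an added example, not code from the article or from CERT-AGID; the list of official suffixes, the function names and the sample message are assumptions constructed for illustration.

```python
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: suffixes treated as official here; the page does not list them.
OFFICIAL_SUFFIXES = ("gov.it", "sanita.finanze.it")
# Branding and urgency wording described in the article.
BRAND_TERMS = ("health card", "tessera sanitaria", "ministry of health")
URGENCY_TERMS = ("imminent", "renew your card now")

# Constructed sample message, built from the article's description.
SAMPLE = """\
From: "Ministry of Health" <notice@example.invalid>
Subject: Health card: imminent expiry
Content-Type: text/html; charset=utf-8

<p>Your health card is about to expire.</p>
<a href="https://latesserasanitaria.com/">Renew your card now</a>
<a href="https://www.salute.gov.it/">Ministry of Health</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every <a> element."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.hrefs.append(href)

def is_official(host):
    host = (host or "").lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in OFFICIAL_SUFFIXES)

def suspicious_links(raw_email):
    """Hosts linked from a health-card themed, urgent message that are not official."""
    msg = message_from_string(raw_email)
    html = "".join(
        p.get_payload(decode=True).decode(p.get_content_charset() or "utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/html")
    text = (msg.get("Subject", "") + " " + html).lower()
    if not (any(t in text for t in BRAND_TERMS) and any(t in text for t in URGENCY_TERMS)):
        return []
    collector = LinkCollector()
    collector.feed(html)
    hosts = [urlsplit(h).hostname for h in collector.hrefs]
    return sorted({h for h in hosts if h and not is_official(h)})
```

Calling suspicious_links(SAMPLE) returns only the fraudulent host, because the comparison is made on the end of the hostname, so a lookalike that merely contains an official name is still flagged.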