False emails for the renewal of the Health Card from the Ministry of Health: what happens with the scam

An allegedly mandatory replacement of the Health Card, a message that evokes the Ministry of Health and a convincing-looking website: these are the elements used in a new phishing campaign identified by CERT-AGID, the Computer Emergency Response Team of the Agency for Digital Italy. The goal of the cybercriminals is to trick users into believing that they must request a new document to keep accessing healthcare services, and so convince them to enter personal data and payment information on fraudulent pages.

As reported, the campaign uses several fraudulent Internet domains that reproduce the graphics and visual identity of the institutional portal to make the scam more credible. This is by now a well-established technique: it leverages the trust placed in public bodies to push victims to lower their guard.

What the Health Card replacement scam is and how it works

The mechanism follows a rather simple scheme, one already observed in the past, but designed to appear authentic. The user receives a communication informing them of the need to replace the Health Card in order to adapt to an alleged new electronic health identification system. The message also suggests that failure to replace it could lead to the progressive deactivation of the card and, consequently, to limitations in access to health services.

In reality, there are no official campaigns that require citizens to replace their Health Card by the methods described in the message. It is precisely this false urgency that cybercriminals exploit to convince victims to lower their guard and hand over their data.

Figure: The fraudulent site that simulates the portal of the Ministry of Health. Credit: CERT-AGID

To complete the process, the recipient must click on a link to a site designed to resemble that of the Ministry of Health. There the user is asked to fill out a form with personal data, contact details and other information.

In the next phase, a summary of the costs for the presumed issuing of the new card appears. The site requires a payment of 6.39 euros, a figure presented as the sum of several items, including 2.50 euros for issuing, 0.99 euros for shipping and 2.90 euros for activating the service. Once the payment is initiated, victims are led to enter their payment card details, which, together with their personal information, are the real target of the scam.

Why the scam may seem credible

Phishing campaigns do not aim to hack computer systems directly, but to manipulate people's behavior. In this case, cybercriminals adopt a familiar theme, the Health Card, a document used daily to access numerous services of the National Health System.

Several factors make the scam even more convincing: the use of institutional logos, graphics similar to those of official portals, formal language and references to alleged administrative procedures. Added to these are calls to act quickly to avoid alleged service disruptions. These are all typical elements of this type of scam, designed to push users to act on impulse without verifying the authenticity of the messages they receive.

How to recognize phishing and avoid falling into the trap

Recognizing this type of scam is not always simple, especially because cybercriminals can reproduce with great fidelity the graphic appearance of sites and emails that appear to come from public bodies. For this reason, the name or logo of an institution is not enough to guarantee the authenticity of a communication.

Before entering personal or payment data, it is therefore advisable to check the website address carefully, avoiding the links contained in the emails and instead typing the address of the official portal into the browser by hand. Likewise, any unexpected request for payment or bank details in the context of an administrative procedure should be treated as a red flag. In case of doubt, it is better to stop the procedure and verify whether the request really exists by consulting the official channels of the Ministry of Health or the competent bodies directly, without using the links in the email or SMS.
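As an added illustration of the address checks described above (this is not code from CERT-AGID, the Ministry of Health, or this article), the following Python script extracts the links from an HTML email, compares each link's host against an assumed allowlist of official domains, and flags hosts that merely reuse institutional words or whose visible link text names a different site than the one the link actually points to. The allowlist, the keyword list and the sample email are constructed assumptions for the example, not indicators from the campaign.

```python
"""Flag links in an HTML email that impersonate an institutional portal.

Constructed example: the allowlist, the keyword list and the sample
message below are assumptions made for illustration, not data from
the campaign described in the article.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed allowlist of official hosts (hypothetical; a real deployment
# would maintain this from the institution's published domains).
OFFICIAL_DOMAINS = ("salute.gov.it",)

# Institutional words a lookalike domain would reuse to appear official.
BRAND_KEYWORDS = ("salute", "ministero", "tessera", "sanitaria")

# Visible anchor text that itself looks like a URL or hostname.
URL_LIKE = re.compile(r"^(https?://)?[a-z0-9-]+(\.[a-z0-9-]+)+(/\S*)?$", re.I)


def is_official(host):
    """True when host is an allowlisted domain or one of its subdomains."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def classify_host(host):
    """official: on the allowlist; lookalike: reuses institutional words
    or an IDN (xn--) label; unknown: neither."""
    host = host.lower()
    if is_official(host):
        return "official"
    if any(word in host for word in BRAND_KEYWORDS) or "xn--" in host:
        return "lookalike"
    return "unknown"


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def _displayed_host(text):
    """Host named by the visible text, if that text looks like a URL."""
    if not URL_LIKE.match(text):
        return None
    if "://" not in text:
        text = "http://" + text
    return (urlparse(text).hostname or "").lower()


def audit_email(html):
    """Return one finding per link: real host, verdict, and whether the
    visible text names a different host than the link target."""
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        host = (urlparse(href).hostname or "").lower()
        shown = _displayed_host(text)
        findings.append({
            "href": href,
            "host": host,
            "verdict": classify_host(host),
            "display_mismatch": shown is not None and shown != host,
        })
    return findings


def suspicious_links(html):
    """Only the links a user should not follow without checking."""
    return [f for f in audit_email(html)
            if f["verdict"] == "lookalike" or f["display_mismatch"]]


# Constructed sample message (not the real campaign email).
SAMPLE_EMAIL = """
<p>Gentile cittadino, la sua Tessera Sanitaria deve essere sostituita.</p>
<a href="https://salute-gov-rinnovo.example/tessera">www.salute.gov.it/tessera</a>
<a href="https://www.salute.gov.it/">Portale ufficiale</a>
<a href="https://cdn.example.net/logo.png">immagine</a>
"""

if __name__ == "__main__":
    for f in suspicious_links(SAMPLE_EMAIL):
        print(f"{f['verdict']:9} mismatch={f['display_mismatch']} {f['href']}")
```

The first link in the sample is caught twice over: its host reuses the word "salute" without being on the allowlist, and its visible text shows the official address while the target is a different site. The `endswith("." + d)` check matters: a host such as `www.salute.gov.it.rinnovo.example` ends in a different domain and is rightly treated as a lookalike rather than as official.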

CERT-AGID constantly monitors such campaigns and, when it identifies new fraudulent infrastructure, starts takedown activities together with the competent entities, also updating the indicators of compromise used to identify malicious sites. However, because the domains used by criminals can change rapidly, the most effective defense remains caution. Always check the origin of communications, and be wary of requests that invite you to provide personal data or payment information through links received by email.