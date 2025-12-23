Credit: INPS.



THE’INPS recently warned users of a new phishing campaign exploiting his name to trick users into interacting with a fraudulent website, identified by a domain that has no connection to theNational Institute of Social Security, for then empty bank accounts. The alarm was raised by the INPS on its social profiles, where it reported the circulation of e-mails that link to a site with domain “procedamento-it.cc”clearly disconnected from the institute’s activities. Warning: you have to defend yourself ignore the messagenot opening any links contained within the fraudulent email.

The email does not come from INPS and refers to a fraudulent site

The notice released by INPS on its official social channels reports the circulation of emails which, although they may seem official, actually represent a fairly “classic” phishing attempt. The link contained in the message, in fact, does not refer to the address “inps.it” (the official one of the Institute), but instead direct you to a fraudulent site with a domain “procedure-it.cc”. INPS clearly informs users that this is not a legitimate communication and that there is no need to reply to the message. This is because phishing is a very insidious computer scam, which aims to “fish” for victims by sending messages that imitate official communications.

Fake emails sent by cyber criminals using the INPS name and logo and usually ask you to update personal information to keep your contribution profile up to date or to provide banking information to receive a refund. The included link leads to a page that graphically reproduces the Institute’s portal, but which in reality only serves to record everything typed by the user.

This type of reporting is part of a broader monitoring activity, which the Institute has been carrying out for some time thanks also to the collaboration with the CERT-AGIDthat is, the Computer Emergency Response Team of theAgency for Digital Italya structure that deals with preventing and managing IT security incidents in the Italian Public Administration. The context in which the alert is inserted is that of a society, ours, in which the digital identity of individuals (therefore personal data, access credentials and documents representing online users) has become an asset of great economic value, a bargaining chip with which cyber criminals conduct their shady deals in the anonymity of the Dark Web.

How to defend yourself from INPS-themed phishing attempts

Even if the INPS intervenes promptly by reporting and blocking fraudulent domains as soon as they are identified, for example defend yourself from INPS-themed phishing attempts it is essential to become increasingly vigilant and careful Internet users. First of all, you have to remember that INPS never asks for sensitive data via e-mail (or in other similar ways). In a communication sent some time ago to all users of the INPS platform, in fact, it is worth remembering that «the only emails with links that INPS sends are those for user satisfaction surveys, but they will never ask you for bank details or documents».

And even if a communication seems legitimate to you, at least on the surface, always check the site address Before to click on the link contained in the message. If the message appears suspicious, we strongly advise you to do not click on the link and, consequently, of do not enter any personal data.