Date: 2024-12-18

A new wave of cyber scams is hitting Italian users via SMS, exploiting the INPS name and logo. The scam, reported by CERT-AGID, the Computer Emergency Response Team of AGID (Agency for Digital Italy), is a smishing campaign, a technique that uses fraudulent SMS messages to steal personal and financial information. The message, which appears official, invites you to click on a link to update your data and receive an alleged bonus of 280 euros. If you open the link, you reach a fake web page that quite faithfully reproduces the official website of the National Institute of Social Security. There, sensitive data such as tax code, IBAN and even credit card details are requested, information that ends up directly in the hands of scammers via a Telegram bot. To protect yourself from this type of attack, it is essential to recognize the signs of a scam and take some security measures.

How to recognize the fake INPS bonus SMS scam and how it works

Smishing is a variant of phishing that uses SMS instead of emails to trick victims. With this technique the scammers simulate official INPS communications, leveraging trust (given by a reliable and well-known body such as INPS) and urgency (the need to update your data online to receive the 280 euro bonus). The message, which is reproduced in the following screenshot, promises a financial credit only if you provide the requested data.

A typical scam SMS passed off as an official communication from INPS. Credit: CERT–AGID.



Once you click on the link, you access a web page created to resemble the well-known institutional portal in every way, but in reality it is a page controlled by criminals. If you were to enter your personal data on the page in question (name and surname, Tax ID code, city, telephone number, credit card information and IBAN), these would be immediately transferred to a Telegram bot which, acting as a sort of command center, allows attackers to receive and catalog stolen information in real time. As explained in the official note released by CERT-AGID, “the collected data is sent directly to a Telegram bot, used by attackers as Command & Control to automate and centralize the collection of stolen information.”

The requested data, once collected by cyber criminals, can be used for a variety of illicit activities. Scammers might make unauthorized withdrawals, apply for loans in the name of the victim or sell information on the Dark Web.

What to do if you receive the INPS scam SMS: how to defend yourself and report it

To protect yourself from the scam of the fake INPS bonus of 280 euros, it is essential to take some precautions. First of all, do not trust messages that require you to enter personal or banking data via links. Official bodies, such as INPS, never request this type of information via SMS or email. If you receive a suspicious message, always check the address of the website indicated: the official INPS websites use the inps.it domain and must be accessible only via secure connections, identified by the HTTPS prefix. In addition to this, to help the authorities monitor the progress of the ongoing smishing campaign, if you receive the message in question, immediately report it to CERT-AGID using the following email address: [email protected].
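
The address check described above, written out as an added example (not code from CERT-AGID or INPS). It shows why "the link contains inps.it" is not enough. The function name, the rejection of non-ASCII and punycode hosts, and the sample links (constructed, using the reserved .example suffix) are assumptions of this example.

```python
from __future__ import annotations
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "inps.it"  # the domain the article names as official

def check_inps_link(url: str) -> tuple[bool, str]:
    """Return (looks_official, reason) for a link received by SMS (hypothetical helper)."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname          # lowercased, without userinfo or port
    except ValueError:
        return False, "malformed URL"
    if parts.scheme != "https":
        return False, "not HTTPS"
    if not host:
        return False, "no host"
    # "https://www.inps.it@other.example/" really points at other.example
    if parts.username is not None or parts.password is not None:
        return False, "userinfo before the host"
    host = host.rstrip(".")            # tolerate a fully qualified trailing dot
    # Assumption of this example: treat internationalized lookalikes as suspicious
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "non-ASCII or punycode host"
    # Exact match or a true subdomain; a substring or prefix match is not enough
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return True, "inps.it over HTTPS"
    return False, "host is not inps.it or a subdomain of it"

# Constructed sample links, not taken from the campaign
SAMPLES = [
    "https://www.inps.it/it/it.html",
    "http://www.inps.it/",
    "https://inps.it.bonus-280.example/login",
    "https://evilinps.it/",
    "https://www.inps.it@portal.example/",
]

def triage(urls: list[str]) -> list[tuple[str, bool, str]]:
    """Apply the check to each link and keep the reason for the verdict."""
    return [(u, *check_inps_link(u)) for u in urls]

if __name__ == "__main__":
    for url, ok, reason in triage(SAMPLES):
        print(f"{'OK     ' if ok else 'SUSPECT'} {url}  ({reason})")
```

Passing this check covers only the two conditions stated above (domain and HTTPS); it does not by itself prove a message is genuine.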