
The scam of the fake fine to be paid with pagoPA: how to recognize it and defend yourself

A new scam is exploiting the image of pagoPA, the system for payments to public administrations and public service operators in Italy, to steal sensitive data and/or money. It often takes the form of an apparently formal email, complete with a pagoPA logo in the header, a precise amount to be paid and a numerical reference that simulates a real case file. The message talks about an alleged speeding fine of a few hundred euros, warns that the amount could double within 72 hours, and invites you to click on a link to access the payment portal and regularize your position as soon as possible. Everything seems legitimate, yet it is one more well-built phishing attempt. Let's look in more detail at how the scam of the fake fine to be paid with pagoPA works and how to defend yourself.

How to recognize the scam of the fake pagoPA notice

According to CERT-AGID, the national team that deals with IT security for AgID (Agency for Digital Italy), a new wave of targeted attacks has been underway for some months: apparently institutional emails and SMS messages that simulate the notification of a sanction for an alleged violation of the traffic code. The message invites you to pay through a fictitious portal that imitates the pagoPA interface in an extremely credible way. The fraudulent site, reachable from a link included in the message, faithfully reproduces the graphics, colors and fonts of the official portal, but is hosted on suspicious domains and has the sole objective of stealing personal and banking information.

One of the characteristics that makes this attack particularly insidious is the tone of the communication: the grammar is careful, the language is formal, and the email includes numerical references that closely resemble real violation codes (e.g. #R7230033407). In addition, the message states an amount and a possible increase if the payment is not made quickly. This type of pressure (imminent deadlines and implicit threats, such as the loss of driving license points) is typical of online scams: urgency is used to push potential victims into acting without reflecting.

How to defend yourself from the scam of the fake pagoPA notice

To protect yourself from these threats, it is essential to stay clear-headed and act methodically. Online scams leverage urgency to lead you into impulsive actions. The first rule for defending yourself from the scam of the fake pagoPA notice is therefore not to panic, not to open suspicious links and, of course, never to enter sensitive data (such as card numbers or bank credentials) before having carried out independent checks. Keep clearly in mind that pagoPA never requests such information through messages delivered by email or SMS.

Analyzing the text can also offer clues: overly alarmist tones, requests for personal data or links that are not consistent with the official pagoPA domain (which, for the record, is checkout.pagopa.it) are all important alarm bells that should not be ignored. The same applies to the lack of the HTTPS security certificate (indicated by the padlock in the browser's address bar), which allows you to distinguish a safe site from a dangerous one.

Also check the sender of the email carefully: authentic pagoPA sender addresses are clear and recognizable, such as [email protected]. If the email comes from an address with a different domain from the one just indicated, it is evidently a fraudulent message. However, also watch out for any "small variations, spelling errors or obvious inconsistencies (for example, they come from a sender who has a name and surname created ad hoc)", as pagoPA itself suggests on this information page.

Image: in the yellow circle there is an enlargement that shows the address from which the message comes, which does not correspond to the official pagoPA one.

When you find yourself in front of a suspicious hyperlink, analyze the link without opening it: if you are reading the mail on a computer, you can hover the cursor over the link to preview the real address, while on many smartphone models you may be able to see the URL the link points to with a long press on it. And, as a general rule when a payment is requested, make sure it is legitimate: you can check by connecting to the official website of the body the message seems to come from (typing its URL directly in the browser instead of opening the link in the suspicious communication) and then logging in with SPID or CIE.
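The link check described above, written out as an added example (it is not from the original article or from pagoPA): it compares the real host of a link copied from a message with checkout.pagopa.it, the official domain the article names. The exact-match policy and the sample links are assumptions of this example.

```python
from urllib.parse import urlsplit

# Official payment host as stated in the article. Exact match only (assumption
# of this example): any other host, including other subdomains, is flagged.
OFFICIAL_HOST = "checkout.pagopa.it"

def check_payment_link(url: str) -> list[str]:
    """Return red flags for a link copied (not opened) from a message."""
    try:
        parts = urlsplit(url.strip())
        host = (parts.hostname or "").rstrip(".")
    except ValueError:
        return ["URL cannot be parsed"]
    flags = []
    # Missing HTTPS is a red flag; its presence proves nothing by itself,
    # so the host name is always checked as well.
    if parts.scheme.lower() != "https":
        flags.append("link does not use HTTPS")
    # "https://checkout.pagopa.it@other.host/" really points to other.host.
    if parts.username is not None:
        flags.append("text before '@' disguises the real host")
    # Non-ASCII or punycode labels can render as look-alike letters.
    labels = host.split(".")
    if not host.isascii() or any(label.startswith("xn--") for label in labels):
        flags.append("internationalized host name (possible look-alike)")
    if host != OFFICIAL_HOST:
        flags.append(f"host {host!r} is not the official host {OFFICIAL_HOST}")
    return flags

# Constructed sample links (example.com / example.net are reserved test domains).
SAMPLES = [
    "https://checkout.pagopa.it/pay?id=123",
    "http://checkout.pagopa.it/pay",
    "https://checkout.pagopa.it.example.com/pay",
    "https://checkout.pagopa.it@pay.example.net/",
    "https://checkout.pagop\u0430.it/",  # Cyrillic letter in place of Latin 'a'
]

if __name__ == "__main__":
    for link in SAMPLES:
        shown = link.encode("ascii", "backslashreplace").decode()
        print(shown, "->", check_payment_link(link) or "no red flag")
```

An empty result only means none of these checks fired; the independent verification on the official website described above still applies.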

If, despite these "investigations", you still cannot tell whether the email you received is dangerous, know that you can forward it to CERT-AGID, using the address [email protected] on the cert-agid.gov.it domain, so as to receive assistance.