Phishing campaigns that target users and organizations in Italy are analyzed in this post. Phishing is a method used by criminals to deceive individuals into revealing personal or financial information through various channels, such as emails, websites, and instant messaging. One popular form of phishing is brand phishing, where criminals mimic the official website of a well-known brand or entity using similar domain names, URLs, logos, and graphics. This poses a serious threat to user privacy and device security, and can also serve as a means to distribute malware.
Reports from the Italian Postal Police and CERT-AgID confirm the prevalence of phishing campaigns in Italy, with numerous impersonated brands such as Poste Italiane, Intesa Sanpaolo, Nexi, Inps, Agenzia delle Entrate, and Zimbra. Phishing attacks have seen a significant increase, with a 180% rise in the second quarter of 2023 according to the Exprivia cybercrime report.
To successfully carry out a phishing attack, scammers rely on the unwitting cooperation of their victims. They often begin by sending emails or SMS messages with links that redirect users to fake websites resembling legitimate ones. Through these fake websites, scammers collect sensitive information entered by users in forms, which is then delivered to their servers. Despite constant efforts by public institutions and private companies to raise awareness about phishing scams, unsuspecting users still fall victim to these attacks by providing their credentials, PINs, and other personal data through unconventional channels.
The post describes several phishing campaigns that have targeted Italy. One example involves a text message supposedly from Posteinfo, urging users to confirm their identity to avoid account suspension. The provided link leads to a fake “Poste Italiane” website where scammers try to collect credentials, phone numbers, and available balances. Another example is a fake email that masquerades as a request from Zimbra for urgent application updates, while a third example involves a fake email asking for confirmation of credit card use by Nexi cardholders.
To protect oneself from phishing, it is recommended to combine a security solution with careful user behavior. This includes thoroughly examining email headers to verify the sender’s identity, checking for grammar and spelling errors, avoiding shared and public computers, and being cautious of newsletter unsubscribe links. It is important to note that the presence of HTTPS does not guarantee the trustworthiness of a website: an SSL certificate only ensures that data is transmitted encrypted, not that the site belongs to the brand it imitates.
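The two header and link checks recommended above can be turned into a small triage script. The following is an added example written for this summary, not code from the original post or from any of the organizations named in it: it parses a suspected message with Python's standard `email` module, compares the From domain with the Return-Path domain and the SPF/DKIM/DMARC verdicts recorded in `Authentication-Results`, and flags links whose host imitates a known brand domain regardless of whether they use HTTPS. The brand list (`KNOWN_BRAND_DOMAINS`), the sample message and every domain in it are constructed for the example; the lookalike test is a simple heuristic (brand name embedded in the host, or a first label within one edit of it), not a production classifier.

```python
"""Triage a suspected phishing e-mail: who really sent it, and where do its links go?
Added example; brand list, message and domains below are constructed, not real."""
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed list of domains the organisation treats as the genuine brand sites.
KNOWN_BRAND_DOMAINS = {"poste.it", "nexi.it", "intesasanpaolo.com"}

# Constructed sample: the display name claims Poste Italiane, the envelope and
# authentication results say otherwise, and one link is an HTTPS lookalike.
SAMPLE_EMAIL = """\
From: "Poste Italiane" <info@poste-it-verifica.example>
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=poste-it-verifica.example
Subject: Conferma la tua identita
Content-Type: text/plain; charset=utf-8

Gentile cliente, conferma subito i tuoi dati:
https://poste-it-verifica.example/login
http://www.poste.it/
"""


def levenshtein(a, b):
    """Edit distance, used to catch one-character substitutions such as p0ste."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_of(host, known=KNOWN_BRAND_DOMAINS):
    """Return the brand domain that `host` imitates, or None if it is the real
    domain (or a subdomain of it) or unrelated. Heuristic, not authoritative."""
    host = host.lower().rstrip(".")
    for brand_domain in sorted(known):
        if host == brand_domain or host.endswith("." + brand_domain):
            return None  # the genuine site
    for brand_domain in sorted(known):
        brand = brand_domain.split(".")[0]
        if brand in host.replace("-", "").replace(".", ""):
            return brand_domain  # brand name buried in a different registrable domain
        if levenshtein(host.split(".")[0], brand) <= 1:
            return brand_domain  # one-character typo or homoglyph-style variant
    return None


def auth_results(msg):
    """Extract spf/dkim/dmarc verdicts from the receiving MTA's Authentication-Results."""
    text = msg.get("Authentication-Results", "")
    return {m.group(1): m.group(2) for m in re.finditer(r"\b(spf|dkim|dmarc)=(\w+)", text)}


def extract_urls(body):
    return re.findall(r"https?://[^\s<>\"']+", body)


def triage(raw_message):
    """Return a list of human-readable findings; an empty list means nothing suspicious found."""
    msg = message_from_string(raw_message)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    if from_domain and rp_domain and from_domain != rp_domain:
        findings.append(f"From domain {from_domain} differs from Return-Path domain {rp_domain}")
    verdicts = auth_results(msg)
    for mech in ("spf", "dkim", "dmarc"):
        if verdicts.get(mech) != "pass":
            findings.append(f"{mech} did not pass (result: {verdicts.get(mech, 'missing')})")
    imitated = lookalike_of(from_domain)
    if imitated:
        findings.append(f"sender domain {from_domain} imitates {imitated}")
    body = msg.get_payload() if not msg.is_multipart() else ""
    for url in extract_urls(body):
        parsed = urlparse(url)
        imitated = lookalike_of(parsed.hostname or "")
        if imitated:
            note = " (HTTPS does not make it legitimate)" if parsed.scheme == "https" else ""
            findings.append(f"link {url} imitates {imitated}{note}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_EMAIL):
        print("-", finding)
```

Run against the constructed message, the script reports the From/Return-Path mismatch, the failed SPF and DMARC and missing DKIM verdicts, the lookalike sender domain and the HTTPS lookalike link, while the genuine `www.poste.it` link is left alone. The lookalike heuristic will produce some false positives on unrelated domains that happen to contain a brand name; in practice it should be backed by the organisation's own allow-list and the Postal Police or CERT-AgID indicators the post refers to.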
If one falls victim to a phishing scam, immediate action is necessary. This includes changing the password of the targeted service, enabling two-factor authentication (if not already done), and contacting both the targeted organization and the police.
The author of the post, Salvatore Lombardo, is an electronics engineer and member of Clusit. He advocates for conscious education and has written for various online magazines on information security. He is also the author of the book “La Gestione della Cyber Security nella Pubblica Amministrazione” and emphasizes the importance of education in raising awareness about cybersecurity.