How to behave?

What if I receive suspicious SMS? In order to avoid any risk, we suggest that anyone who receives this type of message can take simple steps, such as:

  • Do not connect to the site indicated in the text of the message;
  • If you are connected by mistake, do not provide any kind of credentials and / or personal data, do not authenticate;
  • report further suspicious messages to the CERT@posteitaliane.it mailbox;
  • Wait for similar requests, which are not reliable.
 


In detail

In the security world, computer science and not, playing ahead is an ever-promising strategy.
Think of the latest large-scale attacks where the victims were users, businesses, and even hospitals. That’s why announcements to our customers are important to protect and try to at least stem a phenomenon that unfortunately, at times, is already in place.

In this case we are aware that from the day of May 31, SMS messages are sent that ask to click on a link that leads to a screen identical to that of our portal poste.it. This page requires visitors to authenticate using their credentials. If they are inserted, they are immediately captured and can then be used by malicious people or sold on the black market or specialized forums.

CERT verifications confirm that this is a case of “smishing / phishing” with the deceit of the victim’s personal data by sending fraudulent SMS.

Phishing is an illicit activity by which a subject manages to gain a user’s credentials and then uses them to make computer fraud consistently, in fraudulent conduct of bank / postal bank accounts or confidential information, by fingering the legitimate holder (digital identity theft). The central knot of this offense is the misrepresentation of the offended person, with artifacts or scams (ex Article 640 cf., “Scams”), and are therefore offenses sanctioned by our Criminal Code.

The SMS message is sent by “INFOMESSAGE” (probably via a skype user) and the text reads:

MSG785! ITALYPosteNotifica! It has detected incorrect use of the number from your card. Check your personal data on our site: [follow fraudulent website address]

Poste Italiane wants to reassure its customers that they have taken all the necessary actions to counteract third-party activities on the network, protect their “digital identity” , safeguarding users from computer-related illicit / victimization (eg phishing, computer fraud, digital identity theft).