An email and an invitation to click on a link to update the data in the Electronic Health Record or to renew the health card. This is yet another online scam that is spreading at the moment and which uses the name and logo of the Ministry of Health to entice users, via e-mail and ad hoc web pages, to provide their personal and banking data. The phishing campaign was reported by the Ministry of Health itself, which recalled a fact to always keep in mind when receiving communications of this type: institutions do not use these methods to collect data and the services mentioned are free. It would be enough to remember this to stay away from these scams. In any case, let’s see how the Ministry of Health email scam works and how to defend yourself.
How the Ministry of Health fake email scam works
Like many other campaigns of this type, in this one you can clearly see what the central element of the scam is: the attempt to build credibility by the cyber criminals who orchestrated the new phishing. The emails use the name of a public institution known to citizens – the Ministry of Health – to generate trust and lower the state of alert of the recipients of the message. Its content, then, is formulated to push the user to act quickly: they are asked to click on a link to prevent their Electronic Health Record from stopping working due to a lack of data or to ensure that the updated health card is delivered without delays.
But what really happens if you click on the link? The Ministry of Health, in no uncertain terms, explains:
The link takes you to a fake website, graphically similar to institutional platforms, where you are asked to fill out a form with numerous personal and sensitive data, including banking details.
The Ministry also reminds you that both the health card and the Electronic Health Record are completely free services. This detail is important to remember because many scams try to justify the request for data or payments with the promise of activations or renewals of these services. In reality, any operations relating to these instruments must take place exclusively through official channels, such as institutional portals or authorized branches. When an email asks us to enter information through an external link, we are faced with a significant anomaly, which inevitably is a symptom of a possible scam.
If the user were to fall for the trap set by scammers, the consequences of sharing this data – personal and financial – could be very serious. This information could be resold on the Dark Web by scammers, used to create false identities, or used in further fraudulent activities.
How to protect yourself from phishing scams
We now come to the defense strategies to be adopted to avoid falling into the scam of fake emails from the Ministry of Health. Basically, you need to follow the following suggestions, some of which have been provided by the institution itself.
- Check the source of the communication: the Ministry of Health does not send emails requesting the entry of personal data through unofficial online forms. This means that any message of this type should be considered suspicious.
- Analyze the link: Web addresses used in scams often have small variations compared to the real ones, such as spelling errors or unusual domains. To defend yourself, do not open the link, because it is precisely through these links that the scam mechanism is activated.
- Do not provide personal data: if the message received asks you to send information and data concerning you, do not do so for any reason.
