INPS recently warned users of a new phishing campaign that uses its name to trick users into interacting with a fraudulent website, identified by a domain that has no connection with theNational Institute of Social Security, and then empty their bank accounts. The alarm was raised by INPS on its social profiles, where it reported the circulation of emails that link to a site with the domain “procemento-it.cc”, clearly unrelated to the institute’s activities. Warning: to defend yourself you must ignore the message, not opening any links contained in the scam email.
The email does not come from INPS and refers to a fraudulent site
The notice released by INPS on its official social channels reports the circulation of emails which, although they may seem official, actually represent a fairly “classic” phishing attempt. The link contained in the message, in fact, does not refer to the “inps.it” address (the official one of the Institute), but rather points to a fraudulent site with the domain “procemento-it.cc”. INPS clearly informs users that this is not a legitimate communication and that there is no need to reply to the message. This is because phishing is a very insidious computer scam, which aims to “fish” for victims by sending messages that imitate official communications.
Fake emails sent by cyber criminals exploiting the INPS name and logo usually invite you to update personal data to keep your contribution profile up to date or to provide banking information to receive a refund. The included link leads to a page that graphically reproduces the Institute’s portal, but which in reality only serves to record everything typed by the user.
This type of reporting is part of a broader monitoring activity, which the Institute has been carrying out for some time thanks also to the collaboration with CERT-AGID, i.e. the Computer Emergency Response Team of theAgency for Digital Italya structure that deals with preventing and managing IT security incidents in the Italian Public Administration. The context in which the alert is inserted is that of a society, ours, in which the digital identity of individuals (therefore personal data, access credentials and documents representing online users) has become an asset of great economic value, a bargaining chip with which cyber criminals conduct their shady deals in the anonymity of the Dark Web.
How to defend yourself from INPS-themed phishing attempts
Even if the INPS intervenes promptly by reporting and blocking fraudulent domains as soon as they are identified, to defend oneself from INPS-themed phishing attempts it is essential to become increasingly vigilant and careful Internet users. First of all, it must be remembered that INPS never asks for sensitive data via e-mail (or in other similar ways). In a communication sent some time ago to all users of the INPS platform, in fact, it is worth remembering that «the only emails with links that INPS sends are those for user satisfaction surveys, but they will never ask you for bank details or documents».
And even if a communication seems legitimate, at least apparently, always check the site address Before to click on the link contained in the message. If the message appears suspicious, we strongly advise you not to click on the link and, consequently, not to enter any personal data.
