THE’INPS (National Institute of Social Security) recently started a new information campaign, sending e-mails to millions of citizens to report a worrying increase in computer scams that fraudulently exploit the name and brand of the institute. These Scams are presented in the form of SMS or e-mails which, apparently, seem legitimate communications of the INPS. In reality, they are attempts to “Phishing” or “Smishing” -terms that indicate respectively scams by e-mail and SMS-whose goal is to subtract sensitive information to unsuspecting users, such as bank data, access credentials to online services, personal documents or personal data of various kinds. Truffaldini messages usually invite the user to click on unofficial links with the excuse of checking their data, accessing alleged refunds or avoiding the suspension of economic benefits.
If you fall, the consequences can be serious: IT criminals can, for example, request loans in your name, activate a digital identity (such as it Spid) Without your consent, divert payments related to pensions or subsidies, or even access public services by impersonating you! It is precisely for this reason that INPS invites to pay maximum attention and provides a series of recommendations for recognize and defend themselves from these digital traps. It is fundamental Don’t click on the link And Never enter personal information on sites whose legitimacy cannot be verified.
How the INPS scams work
The scams reported by INPS are based on a well -known mechanism in computer security: social engineering. It is a psychological technique that exploits the urgency or fear to induce you to act impulsively, for example By clicking on a link or providing personal informationintimating that if you do not do it you could meet the suspension of INPS services, you could run into the failure to receive bonuses to which you may be entitled, and so on. In most cases, messages arrive in the form of e-mails or sms with text type: «Check your data to continue receiving the payment “ or “You are entitled to a refund, click here to get it». The message includes a hypertext connection that leads to a counterfeit website, often almost identical to the official one, but with an address similar only in appearance (such as “Insp.it”, “IPNS.it”, “Inpis.it”, “Imps.it,” 1nps.it “and the like) instead of “Inps.it”.
Those who access these counterfeit versions of the INPS site are then induced to enter IBAN, tax code, telephone number, Spid credentials or other sensitive data. This information, if stolen, can be used to access public or banking services, or to create a fictitious digital identity, with legal and economic repercussions even very serious. In describing these repercussions, INPS explains:
If you provide your data on these sites, scammers can: request loans in your name; open fraudulent current accounts; divert the payments of your services; Activate, without your knowledge, SPID credentials in your name; access the services of the public administration pretending to be you.
How to defend yourself from INPS scams
To defend itself from these attacks, the INPS recommends the implementation of some simple and effective safety measures. First, remember that the INPS never send e-mails or sms containing links for confirmation of personal data or to receive reimbursements. As the Institute explained in a communication recently sent to all users of the INPS platform:
The only e-mails with links that INPS Send are those for investigations on user satisfaction, but they will never ask you for bank or documents.
If you receive a suspicious message, Don’t click on the link And Never enter personal information on sites whose legitimacy cannot be verified.
To help you distinguish real messages from false ones, INPS has made available a Vademecum Anti-stropeavailable at this link, where you will find concrete examples of fraudulent messages, practical advice to recognize them and indications on how to report them. Even in case of doubt, it is always better to check: you can contact the INPS directly through the official channels among those available.
And if you receive a suspicious message that seems to come from INPS, do not ignore it but report it immediately to the postal police. Each report helps to improve protection for the whole community. The computer scams are not only affecting those who “fall”: they represent a systemic threat to the security of the personal data of everyone.
