A new phishing campaign is circulating on WhatsApp using the name of Autostrade per l’Italia. Users receive a message from a number with a foreign prefix warning them of a phantom unpaid toll, inviting them to immediately regularize their position via a link. Those who follow that route end up on a counterfeit site, artfully constructed to collect banking credentials and sensitive information. The mechanism leverages the sense of urgency and the fear of incurring a sanction and could lower the cognitive defenses of the recipient, pushing him to act quickly, without checking. Let’s see how the scam works in detail, what are the signs that allow you to recognize it and what to do if you have already interacted with the message.
How the new phishing works
Let’s take a closer look at how the phishing attempt works. As the Postal Police explained in an official note issued in recent hours, the scam «involves false messages attributed to Autostrade per l’Italia». Impersonating a known institution to gain the recipient’s trust is a fairly widespread technique used effectively by cybercriminals. The text of the message reports an alleged failure to pay the motorway toll and includes a link on which to click to pay the alleged amount due, thus avoiding unpleasant consequences, such as «fines and additional costs», to resume the text of the message sent by the scammers. The link refers to a domain controlled by the attackers, which could be graphically similar to the official portal, with the aim of collecting payment data, credentials and authentication codes.
How to recognize the scam and defend yourself
Learning to recognize these messages is easier than you think, as long as you know where to look. The first anomaly that should make us suspicious is the sender’s international prefix: Autostrade per l’Italia does not normally handle payment requests via WhatsApp messages, especially it would never do so with the use of international numbers. The second is the tone of the message, deliberately pressing, with invitations to pay immediately to avoid unpleasant consequences. The third concerns the link itself: it is often shortened or has a domain that does not correspond to that of the official website of the organization that cyber criminals want to impersonate. Finally, any direct request to enter credit card information or login credentials should be treated as a clear and unambiguous red flag.
The general rule in these cases is not to interact with the message. This means that you should not click on the link, nor reply and open any attachments. The correct action is to block the sender number and report the incident to the Postal Police. To check your position with respect to any pending motorway payments, it is always advisable to consult exclusively the official Autostrade per l’Italia website or contact the toll-free number 803 111.
If, however, you have already clicked on the link and entered your payment details, you need to act quickly to try to save what can be saved, as they say. The first step is to contact your bank to block potentially compromised cards and accounts. The second is to change the passwords of all accounts that may have been exposed, starting with those linked to financial instruments. We also recommend enabling or testing two-factor authentication on sensitive accounts. The sooner you intervene, the lower the potential damage.
