A fraudulent campaign that uses false e-mail messages apparently connected to the Revenue Agency is trying to hit citizens and professionals with the aim of subtracting e-mail credentials. The alarm was given the Italian tax authorities through a post on its official website. The communications in question do not come in any way by the Revenue Agency, but accurately imitate the layouts of Wetransfer notifications, a well -known online service that allows you to transfer large files. To defend yourself from Phishing’s online scam it is important not to click on any button or links contained in the fraudulent email.
How the new Phishing of the Revenue Agency works
Going to see in more detail how the attempt to scam works, you can immediately notice that it turns out to be particularly insidious, especially for less aware users, as it combines two elements that tend to reassure those who receive the message: on the one hand the similarity to the layout of communications from a family digital service to millions of users (the aforementioned Wetransfer), on the other the simulation of an institutional domain with suffix with suffix “.Gov.it” in the heading of the email, which recalls the legitimacy of Italian public institutions.
The content of the message is designed to generate urgency: between the lines an imminent fake deadline appears, as “expires today”, which pushes to click on the “Download the files” button. Once pressed, no tax document opens, but you are addressed to a web page controlled by the scammers, designed to steal personal access data. Yes, because the email in question represents a classic phishing attempt.
The term “phishing” indicates a method with which an attacker tries to deceive a user by convincing him to provide confidential information, as access credentials, bank data or other sensitive information. The word derives from “Fishing“(Fishing), because the scammers launch a digital bait hoping that someone takes. In the case of false communications they call the Revenue Agency, the bait is represented by an alleged tax document, which appears consistent with the institutional tasks of the body and which could therefore convince the user to download the files in question. This is because the IT criminals almost always exploit a likely context to increase It acts impulsively without checking all the details of the case.
How to defend themselves from the fake email of the Revenue Agency
The Revenue Agency has released a notice to clarify that they have no link with these communications. To defend yourself from the new Phishing of the Revenue Agency it is essential so don’t click on any link, do not open attached and do not provide sensitive information. Even a phone call that seems to come from the body and which refers to these e-mails must be considered suspicious: the scammers could contact you to extort further data, but no institutional structure asks for passwords or bank details via e-mail or by telephone.
In case of doubt, the safest way is always to compare the message with the official communications published on the Revenue Agency portal, consulting the section dedicated to reports and phishing. It is also possible to contact the territorial offices or official contact details available on this page. And if you have already fallen victim to a scam of this type, the advice we give you is to report it to the postal police.
