Fake INPS message, beware of scam running on your phone

In the last few hours, a scam is targeting users via an SMS signed by INPS. It is a smishing attack to steal data from users. Here's how to defend yourself

Computer attacks don't stop even in the times of the Coronavirus, indeed they strike in a more devious and ruthless way. During the health emergency, the government has allocated several funds to citizens and companies, some of these can be requested through the private area of the INPS site.

To access the private area you need to know the credentials, which are provided only by the institution through a secure and confidential procedure. Many users don't know the procedure and criminals are leveraging on this aspect. In this context, a new scam is running in these hours through the cell phones of many Italians. In fact, the attempted attack arrives via SMS asking the user to update the INPS data. The link, however, leads to a website ready to steal the personal information of the unfortunate. The news has been revealed by the Facebook page Una vita da social. Here's what it consists of and how to defend yourself.

Emergency COVID-19: the false message of INPS

As announced by the page "Una vita da social", in recent days is circulating a new computer scam against Italians in the form of SMS. The criminals have constructed a message that reads as follows: "Following your request credit COVID-19 application. Update your data in the inps-informa.online". When you click on the link in the SMS, you land on a site that looks like that of INPS, but actually contains a virus in APK format that automatically installs itself inside your phone. The malware allows criminals to access and control your cell phone and download all of your personal data, including your online banking credentials.

The tactics used by fraudsters are very similar to phishing, but have some differences. Phishing attack is carried out by the hackers via email, while in this case the vector is SMS. That's why it is called smishing, a combination of the two terms "sms" and "phishing". It is necessary to never let our guard down, even when we receive a (seemingly harmless) text message. Not to mention that reading Covid-19 makes people curious and click on any kind of links, even the most dangerous ones. So it's easier for criminals to infect users' devices with malware and steal users' personal data by using the right words.

SMS scams: how to defend yourself

A life on social offers a number of recommendations to avoid harm. First of all, institutional bodies do not invite users to modify data through SMS, messages on social networks or e-mails and, above all, they do not send links to be clicked in order to carry out these operations.

So whenever you receive a message with a link, ignore it and delete it immediately. You must always use the official channels to access your private area, remembering that the safe addresses are those preceded by the words https and the padlock. But let's not be fooled even by this detail: clicking on the padlock you can check the details of the digital certificate. It is necessary to check if the certificate has been issued recently and has a short-term expiration date, in this case it is definitely a scam site.

In case you click on the link by mistake, you should exit immediately and do not provide your personal data for any reason, nor download documents or perform actions required by the site. Often the platforms accessed by clicking the link appear identical to the original ones, in reality they are specially built to deceive users. To figure out if they are the official platforms you need to check their internet address and make sure it is the one you normally access.

The last piece of advice is to always be cautious, especially when surfing online. You should not be in a hurry and make sure that you are surfing in a safe environment, especially when handling or releasing your personal information.