Some scammers are using the name of the Internal Revenue Service for a phishing campaign. Here's what's happening
The Inland Revenue Service is sounding the alarm: don't open messages containing the words "THE DIRECTOR OF THE AGENCY" in the subject line, they are hiding a dangerous phishing attack capable of stealing users' sensitive data. Even the tax collection agency of the Italian State is in the eye of the storm of a phishing campaign: some malicious people are using the name of the Revenue Agency to scam users.
It must be specified that the agency is not in any way involved in this scam attempt, rather it is a victim of the campaign deployed by the malicious people. It's not the first time that a state institution becomes the protagonist of e-mail phishing: in the last months the same treatment was reserved to INPS and also in that case it was necessary the intervention of the National Institute of Social Security to warn the users. The scheme used by the scammers is always the same: they send e-mails with an address that seems to be that of the Inland Revenue and inside the message there is also the logo of the institution. But it is a fake.
Internal Revenue Service, phishing attempt to users: how it works
To explain what is happening is the same Internal Revenue Service in a press release published on its official website. "New phishing attempts are underway to the detriment of users through emails falsely displaying the logo of the Revenue Agency. In particular, the Agency invites users to immediately trash emails that have in the subject line the words "THE DIRECTOR OF THE AGENCY" and that in the text invite to view Office documents contained in a .zipper archive attached to verify the compliance of their payments. The emails, in fact, although falsely reporting the logo, do not come from the Agency, but they are an attempt to acquire confidential information of the recipients."
The modus operandi of the scammers is always the same. Sending the same message to hundreds of thousands of people, with a subject line inviting people to click. In this specific case, there is also an attachment to download. But it is precisely the attachment that hides the malware capable of stealing users' personal data.
How to defend yourself from phishing attacks
The Italian Revenue Agency also provides advice to users on how to defend themselves from phishing campaigns. First of all, always verify the truthfulness of the e-mail address. Paying a lot of attention you will notice that it is slightly different from the official one: it can vary for a letter or a dot. In addition, you should never download attachments whose sender you do not know well: they can hide very dangerous malware and viruses. In addition, the Agency specifies that communications containing personal data of taxpayers are never sent by email. Personal information can be consulted exclusively in the Cassetto fiscale, accessible through the reserved area on the website of the Revenue Agency.