New fake email from INPS, beware: it steals bank data

A new phishing email message puts Italians' savings at risk: here's how to recognize it and what to watch out for.

Hackers continue to launch phishing email campaigns to steal online bank account data from thousands of Web users. The latest example of a fake email carries the INPS logo and was discovered by CSIRT, the Computer Security Incident Response Team that is part of the Presidency of the Council of Ministers.

The message is not well crafted: it is internally inconsistent, and an attentive user can recognize it as dangerous and delete it at once. The subject line refers to an unpaid bill, but the body then talks about a refund to be collected. The sender imitates the Italian revenue agency, yet the body shows the INPS logo. On the other hand, the text is written in good Italian, without gross errors. This could mean that Italian-speaking actors are behind the attempt, reusing address lists they already hold to run several different campaigns aimed at stealing online banking credentials.

Why the fake INPS message is dangerous

Despite these weaknesses, the fake INPS message is dangerous: a user who does not look closely and clicks the link in the body is taken to a website, hosted on a server in Russia, that imitates the real INPS site convincingly.
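The inconsistencies described above (subject versus body, claimed sender versus logo, links pointing away from the impersonated organisation) are exactly the signals an automated mail filter can score. The following is an added example, not code from the article or from CSIRT: it parses a constructed sample message that reproduces those inconsistencies and a second, consistent one, and reports the findings. The sender domains, link hosts and the keyword lists are assumptions made for the example; the allowlist of official domains is something an analyst would maintain for the organisations being impersonated.

```python
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample, NOT the real phishing email: it only reproduces the
# inconsistencies the article describes (unpaid bill in the subject, refund in
# the body, revenue-agency sender, INPS logo, links to a foreign host).
SAMPLE_EMAIL = """\
From: "Agenzia delle Entrate" <noreply@agenzia-entrate-avvisi.example>
To: utente@example.it
Subject: Avviso di fattura non pagata
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://cdn.example-static.ru/inps-logo.png" alt="INPS">
<p>Gentile utente, ha diritto a un rimborso di 280,00 euro.</p>
<p><a href="https://inps-rimborsi.example.ru/modulo">Richiedi il rimborso</a></p>
</body></html>
"""

# Constructed consistent message, used as a control.
BENIGN_EMAIL = """\
From: "INPS" <noreply@inps.it>
To: utente@example.it
Subject: Rimborso disponibile
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://www.inps.it/logo.png" alt="INPS">
<p>Il rimborso e' visibile nell'area riservata.</p>
<p><a href="https://www.inps.it/">Accedi al portale INPS</a></p>
</body></html>
"""

# Assumed allowlist of official domains for the impersonated organisations.
LEGIT_DOMAINS = {"inps.it", "agenziaentrate.gov.it"}
# Organisation names as they appear in display names, alt text and body text.
ORG_NAMES = {"inps": "INPS", "agenzia delle entrate": "Agenzia delle Entrate"}
# Theme keywords (Italian): a message cannot be about an unpaid bill and a refund.
DUE_WORDS = ("fattura", "non pagata", "pagamento scaduto", "scaduta")
REFUND_WORDS = ("rimborso", "rimborsi")


class _HtmlCollector(HTMLParser):
    """Collects link targets, image sources, alt texts and visible text."""
    def __init__(self):
        super().__init__()
        self.urls, self.alts, self.text = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.urls.append(a["href"])
        if tag == "img":
            if a.get("src"):
                self.urls.append(a["src"])
            if a.get("alt"):
                self.alts.append(a["alt"])

    def handle_data(self, data):
        self.text.append(data)


def _is_legit_host(host: str) -> bool:
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in LEGIT_DOMAINS)


def _orgs_in(s: str) -> set:
    s = s.lower()
    return {label for key, label in ORG_NAMES.items() if key in s}


def _theme(s: str):
    if any(w in s for w in DUE_WORDS):
        return "payment-due"
    if any(w in s for w in REFUND_WORDS):
        return "refund"
    return None


def analyze(raw: str) -> dict:
    """Score one raw RFC 5322 message for the inconsistencies discussed above."""
    msg = email.message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    col = _HtmlCollector()
    col.feed(body)
    body_text = " ".join(col.text + col.alts).lower()
    subject = str(msg["Subject"]).lower()

    sender_orgs = _orgs_in(display)
    body_orgs = _orgs_in(body_text)
    offsite = [u for u in col.urls if not _is_legit_host(urlparse(u).hostname or "")]
    findings = []
    # Display name claims a known organisation but the address is not on its domain.
    if sender_orgs and not _is_legit_host(sender_domain):
        findings.append("lookalike-sender")
    # Links or images hosted away from the impersonated organisation.
    if offsite:
        findings.append("offsite-links")
    # The branding in the body belongs to a different organisation than the sender.
    if sender_orgs and body_orgs and not (sender_orgs & body_orgs):
        findings.append("branding-mismatch")
    # Subject and body tell different stories (unpaid bill vs refund).
    st, bt = _theme(subject), _theme(body_text)
    if st and bt and st != bt:
        findings.append("subject-body-mismatch")

    return {"sender_domain": sender_domain, "sender_orgs": sender_orgs,
            "body_orgs": body_orgs, "offsite_urls": offsite, "findings": findings}


if __name__ == "__main__":
    for name, raw in (("sample", SAMPLE_EMAIL), ("benign", BENIGN_EMAIL)):
        print(name, analyze(raw)["findings"])
```

Each finding on its own is weak (a legitimate mailing can be sent from a third-party domain), but the combination of all four on one message is the pattern the article describes, and the link-host check is the one that catches the redirect to the foreign server regardless of how good the Italian is.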

On the fake INPS site the user finds a form to fill in to obtain the (obviously fake) refund: name, surname, date of birth, address and phone number. On the right is a second form asking for the credit card details, including the expiry date and the CVV security code.

How the hackers steal money from the user

The hackers' trick is simple: with all the data the user has provided they can make a payment with that card on any e-commerce site. The only obstacle is the OTP, the one-time code that serves as the second authentication factor the card issuer requires to authorize the payment.

This is why the hackers show the user a second screen asking for the code just received on the smartphone. That code is the one the issuer has sent to authorize the hackers' own transaction: if the user enters it, the hackers relay it and the payment goes through, and the money is taken from the victim's card. An OTP message from the issuer normally names the amount and the merchant, so a code announcing a payment to an online shop, when the user is expecting a refund, is the clearest sign that something is wrong.
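The relay described in the two paragraphs above, as an added example that is not part of the article: a toy issuer, a fake refund site and two victims, one who types the code as asked and one who reads the message first. The issuer model is an assumption for the example (an HMAC-derived code bound to card, merchant and amount, with the amount and merchant stated in the SMS text, as dynamic linking under PSD2 requires); the card number is a well-known test PAN, and `shop.example` and the amount are invented.

```python
import hashlib
import hmac
import re
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Constructed test card, as the victim would type it into the fake refund form.
CARD = {"pan": "4111111111111111", "exp": "12/27", "cvv": "123"}


@dataclass
class Issuer:
    """Toy card issuer (assumption, not any real issuer's protocol).
    The OTP is an HMAC over card, merchant, amount and transaction id, so it
    cannot be reused for a different purchase, and the SMS states what it
    authorizes. inbox[pan] stands in for the cardholder's phone."""
    secret: bytes = field(default_factory=lambda: secrets.token_bytes(32))
    pending: Dict[str, Tuple[str, str, str]] = field(default_factory=dict)
    authorised: List[Tuple[str, str, str]] = field(default_factory=list)
    inbox: Dict[str, List[str]] = field(default_factory=dict)

    def _code(self, pan: str, merchant: str, amount: str, txn: str) -> str:
        msg = f"{pan}|{merchant}|{amount}|{txn}".encode()
        digest = hmac.new(self.secret, msg, hashlib.sha256).digest()
        return f"{int.from_bytes(digest[:4], 'big') % 1_000_000:06d}"

    def start_purchase(self, card: dict, merchant: str, amount: str) -> str:
        """Merchant submits card data; the issuer sends the OTP to the phone."""
        txn = secrets.token_hex(4)
        self.pending[txn] = (card["pan"], merchant, amount)
        code = self._code(card["pan"], merchant, amount, txn)
        self.inbox.setdefault(card["pan"], []).append(
            f"Codice {code} per un pagamento di {amount} EUR presso {merchant}. "
            "Non condividerlo con nessuno.")
        return txn

    def verify(self, txn: str, otp: str) -> bool:
        """Single-use check; a code for a consumed or unknown txn is refused."""
        if txn not in self.pending:
            return False
        pan, merchant, amount = self.pending[txn]
        if not hmac.compare_digest(self._code(pan, merchant, amount, txn), otp):
            return False
        del self.pending[txn]
        self.authorised.append((pan, merchant, amount))
        return True


class PhishingSite:
    """The fake INPS refund page: first screen collects the card, second asks
    for the OTP that the attacker's own purchase just triggered."""
    def __init__(self, issuer: Issuer, merchant: str = "shop.example", amount: str = "499.00"):
        self.issuer, self.merchant, self.amount, self.txn = issuer, merchant, amount, None

    def submit_refund_form(self, card: dict) -> str:
        self.txn = self.issuer.start_purchase(card, self.merchant, self.amount)
        return "Inserisca il codice ricevuto via SMS per confermare il rimborso"

    def submit_otp(self, otp: str) -> bool:
        return self.txn is not None and self.issuer.verify(self.txn, otp)


def careless_victim(sms: str) -> Optional[str]:
    """Types the six digits as requested without reading the rest."""
    m = re.search(r"\b(\d{6})\b", sms)
    return m.group(1) if m else None


def careful_victim(sms: str, expected_counterparty: str = "INPS") -> Optional[str]:
    """Reads the message: it announces a payment to a merchant, not a refund
    from the expected counterparty, so the code is never entered."""
    text = sms.lower()
    if "pagamento" in text or expected_counterparty.lower() not in text:
        return None
    return careless_victim(sms)


def simulate(victim: Callable[[str], Optional[str]]) -> dict:
    issuer = Issuer()
    site = PhishingSite(issuer)
    site.submit_refund_form(CARD)               # screen 1: card data
    sms = issuer.inbox[CARD["pan"]][-1]         # what actually arrives on the phone
    code = victim(sms)                          # screen 2: the relayed OTP
    ok = code is not None and site.submit_otp(code)
    return {"sms": sms, "authorised": ok,
            "charged_to": site.merchant if ok else None, "issuer": issuer}


if __name__ == "__main__":
    for v in (careless_victim, careful_victim):
        r = simulate(v)
        print(v.__name__, "->", "charged" if r["authorised"] else "no charge", "|", r["sms"])
```

The point the simulation makes is that the OTP is cryptographically sound and still useless against a real-time relay: binding the code to merchant and amount stops reuse, not a victim who types the code into the page that triggered it. The only defence left on the user side is the SMS text, which is why the careful victim refuses as soon as the message names a payment rather than the expected refund.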