PostePay, beware of fake email that steals data and money

A new phishing attack is underway and this time hackers are hiding behind the identity of Poste Italiane with a fake email from PostePay: how to defend yourself

Hackers have once again targeted users who use a PostePay, the rechargeable prepaid card of Poste Italiane. A fake email sent by attackers hiding behind the PostePay name attempts to steal data and money from unsuspecting users.

This is a major phishing attack campaign, with cyber criminals already claiming several victims. The fake PostePay email has been going around for several weeks now, threatening users that they will no longer be able to use their Poste Italiane prepaid card if they don't accept changes to their SPID digital identity-enabled PosteID service. Obviously, this is just a scam, but the presence of the company's logos has caused many to fall for it. So here are some tips to defend yourself from these phishing attacks and keep your data and your bank account safe.

PostePay, the fake email to steal your data

For a few weeks now, the circulation of a fake email from Poste Italiane has been reported, specifically targeting those who own a PostePay. The content of the email claims that if you don't click on the link and enter your data, you will lose the possibility to use your prepaid card.

Here is the text of the fake email from which to defend yourself:

"Dear Customer,

We inform you that the General Conditions of the Digital Identity Service "PosteID enabled to SPID" have been modified in the new version.

What does this mean for you?

The basic service, as described in the General Conditions of Service, is free of charge for individuals. There are no changes in the functionality and use of the Digital Identity.

Future changes to the General Terms and Conditions of Service will be communicated to the cardholders in advance, by means of a specific notice on the Site or on the Notice Board or through other channels or methods that Poste may decide to adopt.

Please note that,

You can no longer use your PostePay card if you do not accept the contractual changes. We also need your cooperation, you will have to update your online profile information within 48 hours of receiving this communication."

Phishing, Poste Italiane's advice for defending yourself

After the various phishing campaigns that have targeted Poste Italiane customers, the company has created a special web page "How to defend yourself from online and app scams" published on its website. The biggest risk, they explain, is that of having one's personal data stolen, which could be used to empty one's bank account or, in this case, PostePay cards.

To defend themselves, users should remember that Poste Italiane and PostePay never ask for confidential data either via email, text messages, social network chats or even call center operators. If someone asks for this information, it could be an attempt at fraud and you should never reveal it. For this reason, it is good to never click on suspicious links in emails and SMS, and always check the reliability of the message: check if the sender is an official address or number, if there are spelling mistakes and in case of the presence of attachments, you should never open them. Whoever receives the fake PostePay email can report the fraud attempt to [email protected]. Then, trash the email and delete it from the recycle bin.