The 600€ fake refund scam: the email is not from INPS

INPS warns against the 600€ bonus scam: a phishing message has been circulating in the last few days and is targeting thousands of Italians

The 600€ bonus for VAT holders and self-employed launched by the Government for the months of March, April and probably also for the next few months, is one of the measures that has created more debate in recent weeks. And as often happens, hackers are ready to exploit these situations to create ad hoc scams able to steal money and personal data of unsuspecting citizens.

To launch the alarm is the same Inps, the body designated by the Government to manage applications and the provision of the bonus of 600 €. As you can read in the note published on the website of the social security agency, in recent days is active a phishing campaign to steal the credentials of the credit card, using as bait the bonus of 600 euros. How does the scam work? Very simple, in the text of the email invites the user to click on a link to a web page identical to that of INPS in which to enter the credentials of your bank account to receive the 600 € bonus. In reality, all you are doing is "voluntarily giving up your data" to hackers who, in a matter of minutes, steal money from your bank account.

How the INPS €600 bonus scam works

Phishing scams are one of the most popular methods used by hackers in recent years. The reason is quite simple: many users do not have the skills to recognize fraudulent emails and fall into the traps concocted by hackers.

Before explaining how the INPS €600 bonus scam works, it is necessary to explain what phishing is. It is a fairly recent and rather devious hacking technique. Hackers send users an email, disguising themselves as a government agency or a bank. The email address appears to be the official one, but in reality it changes by a few letters. Few, however, are able to recognize the differences and open the email without any fear. In the text, usually, they talk about some promotion or some problem with the verification of your account and invite you to click on a link.

At this point it opens a page identical to that of the official site, but also in this case it is a copy. Analyzing the URL of the site, you will notice that there is some very small difference with the official one. Unfortunately, there are very few people who carefully analyze these aspects and fall into the trap of hackers. Usually in the page of the site the user is asked to enter the credentials of his current account to verify some details.

Explained what is phishing, it will be clearer how the scam of the 600€ bonus of INPS works. In the email that is circulating in these hours, people are invited to click on a link where they can enter their current account credentials to receive the €600 bonus. But, in reality, it is only a scam to steal the password and steal the money.

The message of the INPS

Also the INPS has intervened on the incident and warned users: ignore any email that invites you to click on a link. Here is the text of the note of the social security agency.

"The INPS warns users that there is an ongoing attempt to scam through phishing email aimed at fraudulently steal the number of the credit card, with the false reason that would serve to obtain a refund or payment of the Bonus 600 euros. We invite all users to ignore emails that propose to click on a link to obtain the payment of the Bonus 600 euros or any form of reimbursement from the Inps. Please note that information on Inps benefits can only be consulted by accessing directly from the portal and that the Inps, for security reasons, in no case sends emails containing clickable links."

How to defend yourself from phishing scams

Phishing is so devious that defending yourself from this type of computer attack and scam is not simple. But by following a couple of tips it is easier to understand when you receive a phishing email.

First, if the text of the email invites you to click on some external link, always be wary. In most cases it is a phishing attack. Also, government agencies and banks rarely ask for users' credentials through an email - they usually use other channels.

When it comes to emails from agencies such as INPS or your own bank, always analyze the sender's email carefully. It seems to be the official one, but in reality it varies for some very small detail. An oversight can be very expensive.