Phishing, smishing and fake call centers: the vademecum to defend against computer crimes
27.2% of Italians have suffered an online scam and 15.3% have been victims of deception through false identities. INPS publishes a citizen-friendly guide
09 Aug 2022
Almost one in three Italians (27.2%) has been the victim of a computer scam. 15.3% were deceived by a false identity, and 13.2% were subjected to identity theft. This is revealed by the second 2022 report by Eurispes, which sheds light on the frequency and spread of electronic crimes.
The increasingly widespread use of a series of different tools and channels can expose us to risks, especially that of the theft of personal and sensitive data. To try to counter the phenomenon of computer scams, therefore, INPS has developed a vademecum to help users recognize and defend themselves from any attempts at fraud or deception, which occur in different ways.
In particular, some methods of computer fraud or telematic deception are identified, but also in the first person, carried out against INPS users: online phishing scams, smishing; telephone scams; false INPS officials; loans and misleading advertising. On the subject of computer scams, the Institute, on its website, provides a series of useful tips and information on how it contacts users, in order to alert you to possible false communications that hide scams and scams.
Index of topics
• Phone scams
• Misleading use of the INPS name
Phishing is one of the most widespread and dangerous cyber scams. In summary, it consists in the theft of sensitive data through deceptive e-mail messages that may seem to the user to be sent by a credible user, in this case by INPS. The purpose of phishing is to convince the user to provide sensitive data, access codes and other personal and confidential information to obtain an economic gain. Phishing is particularly dangerous also because the techniques implemented by cybercriminals are increasingly sophisticated. To counter this phenomenon, INPS has reported on several occasions to its users the methods of computer fraud detected, inviting in particular not to respond to emails that require: updates of personal data or sending of bank details through direct links to receive the crediting of phantom transfers or refunds; download pre-filled bulletins to obtain refunds of alleged contributions paid in excess.
Smishing is a variant of Phishing computer fraud, but implemented via sms, instead of email. The mechanism is similar to that of the email scam, in this case with a text message that seems to come from the Institute and aims to get hold of sensitive data. The incoming sms on the user's smartphone is sent by a false INPS sender, who invites the user to click on a special link indicated in the body of the message to update their personal or bank data, so as to receive payment for an alleged generic or specific service. In this second case, cases of Smishing attempts referring to the universal single check have been reported. As for emails, even text messages often faithfully reproduce characters, logos and colors of INPS, but in reality the links indicated do not lead to web pages of the Institute, instead they serve criminals to steal sensitive data.
Direct phone calls are also one of the tools used by scammers to try to trick users. In this case, a fake INPS operator calls the user's number requesting data relating to the social security position. Other cases have also been reported in which false appointees of the Institute have called unsuspecting users for alleged refunds for incorrect calculations in the paycheck or pension. Of course, the attackers were aware of information about the user, such as address, place of work, support bank.
Misleading use of the INPS name
Among the various forms of deception there is also that of the improper and unauthorized use of the INPS name by companies in order to offer services in deceptive terms. In practice, these are financial operators who, for example, advertise hypothetical loans affiliated with the Institute, repayable with the assignment of the fifth of the pension. To counter this form of deception and protect pensioners, INPS dedicates a page of its website to the updated list of affiliated financial institutions for the granting of loans based on the assignment of the fifth of the pension at a subsidized rate compared to those of the market.
To help users recognize any attempts at computer fraud, telephone or in person, INPS reminds that the institute never sends e-mail messages with attachments to download or clickable links; never acquires bank details or data relating to economic or financial information of the user by telephone; it never sends its officials directly to the user's home. For this reason, it is not necessary in any case to follow up on any requests that arrive by uncertified email, by telephone or by door to door.