“Dear Customer, to continue accessing the apps it is mandatory to update the data at the following link …” Signed by the Isp Group, or Intesa Sanpaolo. What is coming via text message to several people is the most classic – and probably dangerous – of online scams. A trend that is constantly increasing and exacerbating the health emergency that has caused internet consumption to explode. Bringing people to the web who had never surfed the net before
Intesa Sanpaolo and its customers are therefore once again victims of a full-blown attack: clicking on the link – an operation to be absolutely avoided – opens a screen that recalls the bank in all respects. Of course, the url is different, but it is a detail that is likely to be overlooked by most customers.
Also because the user’s attention ends up being catalyzed by the alert in red: “New access mode”. A message that is also explained in a rational way: “Dear customer, as required by the European Psd2 legislation, to continue to access www.intesasanpaolo.com and to operate online you need to update your data”.
The EU directive has imposed greater security criteria by requiring double authentication to its customers. Reason why such a request might seem somehow legitimate. And then, in fact, a screen appears that requires the entry of personal codes and passwords with which the thieves hope to enter the current accounts of unsuspecting customers.
On the other hand, with people forced more and more often at home by the imposition of restrictive measures launched to counter the spread of the coronavirus, scammers try to seize the opportunities deriving from a greater volume of internet traffic: the data of a recent report by ‘Agcom show how the average traffic has increased steadily since March 2020.
This has created an even more favorable environment for online cheating and various types of cyber attacks. Among these, Agcom always points out financial and commercial scams, such as those relating to pharmaceutical and biomedical products; but also the theft of personal data, with the spread of malicious applications; up to “attacks of a ‘destructive’ nature, such as the encryption of system data followed by the request for a ransom and those aimed at luring minors during video lessons”.