AgID has received reports of a new phishing campaign aimed at local authorities, using as its pretext a notice about the entity's federation with SPID.
What is phishing
Phishing is a type of online fraud whose objective is to steal sensitive data from victims by posing as a trustworthy source or contact.
The weak point that a phishing attack exploits is the user's lack of attention or difficulty in recognizing the danger. Often the spoofed sender is someone the recipient knows, so the recipient is easily misled and does not realize the true origin of the message. Believing it to be genuine, the user follows the instructions in the message and, as a result, hands personal data to the criminals, who take possession of it.
In the reported case, the body of the email reuses a text that the Agency actually sent during the pandemic period and that is no longer current.
Furthermore, both the original and the fraudulent emails carry an attachment in .zip format, so the recipient could be deceived into opening it, with the risk of compromising their system. AgID recommends that entities pay the utmost attention if they receive similar emails.
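As an added example, not code from the original advisory or from AgID/CERT-AgID, the following Python routine triages a .zip attachment from its listing alone, without extracting or executing anything, and flags the patterns that most often hide a loader: executable or script members, double extensions that imitate a document, nested archives and encrypted members. The extension lists are an assumed local policy and the sample archive and its file names are constructed here, not taken from the reported campaign.

```python
"""Triage of a .zip e-mail attachment before anyone opens it.

Added example, not code from AgID or CERT-AgID: the extension lists are an
assumed local policy and the sample archive is constructed in this file.
"""
from __future__ import annotations

import io
import zipfile
from dataclasses import dataclass

# Assumed policy: member types that have no business in a notice from a
# public body and that commonly carry a malware loader.
EXECUTABLE_EXT = {".exe", ".dll", ".scr", ".com", ".pif", ".msi"}
SCRIPT_EXT = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".ps1", ".bat", ".cmd"}
SHORTCUT_EXT = {".lnk", ".url"}
NESTED_ARCHIVE_EXT = {".zip", ".7z", ".rar", ".iso", ".img"}
RISKY_EXT = EXECUTABLE_EXT | SCRIPT_EXT | SHORTCUT_EXT | NESTED_ARCHIVE_EXT
# Extensions a lure borrows to look like a harmless document.
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".odt", ".txt"}


@dataclass(frozen=True)
class Finding:
    member: str
    reason: str


def _suffixes(member_name: str) -> list[str]:
    """All dotted suffixes of the final path component, lowercased.

    'allegati/Federazione_SPID.pdf.js' -> ['.pdf', '.js']
    """
    base = member_name.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    return ["." + p for p in parts[1:] if p]


def triage_zip(data: bytes) -> list[Finding]:
    """Inspect the central directory only; nothing is extracted or run."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [Finding("<archive>", "not a valid zip file")]
    findings: list[Finding] = []
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            name = info.filename
            # Bit 0 of the general-purpose flags marks an encrypted member,
            # a common trick to keep mail gateways from scanning the content.
            if info.flag_bits & 0x1:
                findings.append(Finding(name, "encrypted member (defeats mail gateway scanning)"))
            suffixes = _suffixes(name)
            if not suffixes:
                findings.append(Finding(name, "member without extension"))
                continue
            last = suffixes[-1]
            if last in RISKY_EXT:
                findings.append(Finding(name, f"risky extension {last}"))
            if len(suffixes) >= 2 and suffixes[-2] in DOCUMENT_EXT and last in RISKY_EXT:
                findings.append(Finding(name, "double extension imitating a document"))
    return findings


def suspicious_members(data: bytes) -> set[str]:
    """Names of the members that raised at least one finding."""
    return {f.member for f in triage_zip(data)}


def build_sample_attachment() -> bytes:
    """Constructed sample archive for the demo; the names and contents are made up."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("nota.pdf", b"%PDF-1.4 harmless placeholder")
        zf.writestr("Federazione_SPID.pdf.js", b"// placeholder script body")
        zf.writestr("setup.exe", b"MZ placeholder")
        zf.writestr("allegati/interno.zip", b"PK placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for finding in triage_zip(build_sample_attachment()):
        print(f"{finding.member}: {finding.reason}")
```

The routine deliberately stops at the listing: a member that is flagged is reason enough to hand the attachment to the security team rather than to open it, and reading the central directory cannot trigger whatever the members contain.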
The intervention of CERT-AgID
Following the report, CERT-AgID carried out the necessary investigations and established that the campaign distributes the Pikabot malware, which has already been observed in recent weeks and whose aim is to take control of the compromised system.
The indicators of compromise detected during the analysis have already been distributed to the public bodies accredited to the CERT-AgID IoC Flow.