CERT-AGID received notification from INPS about an active phishing campaign that uses the INPS name and logo to trick victims into uploading identity documents and personal data. The fraudulent site has added new pages requesting CUD and detailed employment/income information to build more complete victim profiles potentially usable for higher-value financial fraud. #INPS #CERT-AGID
Keypoints
- CERT-AGID was notified by INPS of a new phishing campaign impersonating INPS to collect personal documents and data.
- The phishing site reproduces the usual document collection flow (health card, driver’s license, identity card, pay slips, selfie).
- New pages now request CUD uploads and detailed employment information (job position, employer, hire date, contract type).
- The addition of income and employment data allows attackers to build more complete victim profiles combining identity and financial documentation.
- Likely objectives include enabling frauds tied to loans/financing or selecting higher-value victims based on income and job stability.
- CERT-AGID requested takedown of the malicious domain and distributed Indicators of Compromise to accredited Public Administrations.
MITRE Techniques
Indicators of Compromise
- [Domain ] Malicious phishing domain referenced – specific domain name not disclosed in the article; CERT-AGID requested its takedown.
- [Link ] IoC download link – article references a “Download IoC” link but does not show the actual URL or list of indicators.