A sophisticated phishing campaign targeting Italian bank users exploits the SPID service to steal credentials. The fraudulent page mimics AGID branding and prompts users to update their credentials to maintain SPID access.
#SPID #AGID #CERT-AGID #phishing #APK
Key points
- Phishing campaign targeting Italian bank users reported to CERT-AGID.
- Fraudulent webpage mimics AGID branding to deceive users.
- Users are prompted to update SPID credentials to access online services.
- Link leads to a site that requires users to select their bank for identity verification.
- The phishing page replicates the login form of the chosen bank.
- The template may deliver an APK if viewed from an Android device.
- Users are advised to avoid suspicious links and verify website authenticity.
MITRE Techniques
- [T1566] Phishing – Deceives users into providing credentials via a fraudulent webpage. [ “Users are deceived into providing credentials through a fraudulent webpage.” ]
- [T1003] Credential Dumping – Attackers aim to capture user credentials for unauthorized access. [ “Attackers aim to capture user credentials for unauthorized access.” ]
Indicators of Compromise
- [Domain] context – cert-agid.gov.it
- [URL] IoC feed page – https://cert-agid.gov.it/scarica-il-modulo-accreditamento-feed-ioc/
- [URL] IoC JSON download – https://cert-agid.gov.it/wp-content/uploads/2024/09/SPID_2024-09-18.json
- [URL] Original post page – https://cert-agid.gov.it/news/in-atto-una-campagna-di-phishing-bancario-a-tema-spid/
- [File name] phishing_bancario_SPID_1.png – image shown in article
- [File name] phishing_bancario_SPID_2.png – image shown in article
Read more: https://cert-agid.gov.it/news/in-atto-una-campagna-di-phishing-bancario-a-tema-spid/