CERT-AGID reports a steady rise in suspicious and abusive messages sent through legitimate Italian PEC mailboxes, with over 650 events handled since January 2026. The agency is coordinating with PEC providers to reset compromised accounts or shut down malicious ones, while warning recipients not to click suspicious links or open unknown attachments.
Key points
- CERT-AGID continuously monitors the Italian PEC ecosystem for abusive and potentially malicious activity.
- Since January 2026, more than 650 events involving abused PEC mailboxes or accounts created for illicit purposes have been handled.
- The trend shows increasing interest from threat actors in abusing PEC, a channel generally perceived as trustworthy and secure.
- When a legitimate PEC account is compromised, CERT-AGID requests a reset from the responsible PEC provider.
- When a PEC mailbox is registered solely for malicious use, CERT-AGID requests its shutdown.
- Recipients are warned that PEC guarantees delivery only, not message safety, and that PEC messages may contain malicious links, infected attachments, or fraud attempts.
- Users are advised to report suspected abuse to the PEC provider and to CERT-AGID at [email protected].
MITRE Techniques
- [T1583.001] Acquire Infrastructure: Domains – Threat actors abuse or register legitimate PEC mailboxes to support illicit messaging and delivery (‘caselle registrate per finalità illecite’ / ‘mailboxes registered for illicit purposes’).
- [T1566.002] Phishing: Spearphishing Link – Suspicious PEC messages may contain links to malicious sites used in scam or phishing attempts (‘link a siti malevoli’ / ‘links to malicious sites’).
- [T1566.001] Phishing: Spearphishing Attachment – PEC messages may include infected attachments delivered through compromised or abusive mailboxes (‘allegati infetti’ / ‘infected attachments’).
Indicators of Compromise
- [Email Address] reporting channel for suspected abuse – [email protected]
- [Service/Platform] abused communication channel – PEC (Posta Elettronica Certificata)
- [Organization] monitoring and response entity – CERT-AGID
Read more: https://cert-agid.gov.it/news/phishing-e-spam-via-pec-oltre-650-gli-eventi-gestiti-nel-2026/