A targeted phishing campaign aimed at SPID users has been identified, utilizing the name and logo of AgID, along with a fraudulent domain. The email urges users to update their documentation, seeking to steal SPID credentials and personal identification documents. (Affected: SPID users, AgID)
Key points:
- Phishing campaign targets SPID users using AgID’s name and logo.
- The scam uses a recently registered fraudulent domain: agidgov[.]com.
- The email subject, “Imminent SPID Suspension: Mandatory Action”, pressures users into clicking a malicious link.
- Objective is to steal SPID credentials and identity documents.
- Instructions in the email require users to follow specific video recording guidelines.
- Request made to deactivate the malicious domain to prevent further compromises.
- IoCs disseminated through the CERT-AGID Feed.
- Recipients are advised to be cautious with suspicious communications.
- Users can forward suspicious emails to [email protected].
MITRE Techniques:
- Phishing (T1566) – The campaign utilizes a fraudulent email to trick users into providing sensitive information.
Indicators of Compromise:
- The article mentions the fraudulent domain agidgov[.]com used in the phishing campaign.
- Indicators also include potential phishing email subjects and the methodology for identity theft.
- Details of the IoCs related to this campaign were shared via CERT-AGID’s IoC Feed.
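One way to triage inbound mail against the indicators above, as an added example (not code from CERT-AGID or the article). It refangs the published domain in memory only, and flags any other host that carries the "agid" token outside the official domains for review. Assumptions: agid.gov.it and cert-agid.gov.it are the official domains, the subject is matched as rendered on this page, and the sample messages are constructed.

```python
import re
from email import message_from_string
from email.utils import parseaddr

IOC_DOMAIN = "agidgov[.]com".replace("[.]", ".")  # from the page; refanged in memory only
LEGIT = ("agid.gov.it", "cert-agid.gov.it")       # assumption: official AgID / CERT-AGID domains
PAGE_SUBJECT = "imminent spid suspension: mandatory action"  # subject as rendered on the page
URL_HOST = re.compile(r"https?://([^/\s:\"'<>]+)", re.I)

def under(host, domain):  # host is the domain itself or one of its subdomains
    return host == domain or host.endswith("." + domain)

def classify_host(host):
    host = host.lower().rstrip(".")
    if under(host, IOC_DOMAIN):
        return "ioc"
    if any(under(host, d) for d in LEGIT):
        return "legit"
    # Heuristic: brand token in a host outside the official domains.
    # Substring matching can false-positive, so it only triggers a review.
    if "agid" in re.sub(r"[^a-z0-9]", "", host):
        return "lookalike"
    return "other"

def triage(raw_email):
    msg = message_from_string(raw_email)
    hosts = set()
    sender = parseaddr(msg.get("From", ""))[1]
    if "@" in sender:
        hosts.add(sender.rsplit("@", 1)[1])
    for part in msg.walk():  # collect link hosts from every text part
        if part.get_content_maintype() == "text":
            text = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            hosts.update(URL_HOST.findall(text))
    classes = {h.lower(): classify_host(h) for h in hosts}
    subject_hit = PAGE_SUBJECT in " ".join(msg.get("Subject", "").lower().split())
    if "ioc" in classes.values():
        verdict = "block"
    elif subject_hit or "lookalike" in classes.values():
        verdict = "review"
    else:
        verdict = "pass"
    return {"verdict": verdict, "subject_hit": subject_hit, "hosts": classes}

# Constructed sample messages (not real campaign emails).
PHISH = (f'From: "AgID" <noreply@{IOC_DOMAIN}>\nSubject: Imminent SPID Suspension: Mandatory Action\n\n'
         f"Update your documentation: https://spid.{IOC_DOMAIN}/update\n")
LOOKALIKE = "From: support@agid-gov.example\nSubject: Account notice\n\nSee https://agid-gov.example/\n"
BENIGN = "From: info@cert-agid.gov.it\nSubject: Weekly summary\n\nhttps://cert-agid.gov.it/news/\n"
```

Only the exact IoC match blocks outright. The lookalike and subject checks feed analyst review and complement, rather than replace, the CERT-AGID IoC feed.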
Full Story: https://cert-agid.gov.it/news/campagna-di-phishing-spid-tramite-falso-dominio-agid/