CERT-AGID is witnessing a surge in reports concerning a new wave of phishing scams exploiting the name PagoPA. The phishing messages, disseminated via email or SMS, aim to trick users into making unauthorized payments through fake penalty notices. Affected: PagoPA, users of email and SMS communication.
Key points:
- CERT-AGID reports an increase in phishing emails and SMS messages using the name PagoPA.
- Phishing messages impersonate payment requests for alleged unpaid traffic fines.
- The messages use a formal tone and cite credible-looking amounts, case numbers, and impending deadlines.
- The aim is to compel victims to input their credit card details on a malicious website disguised as a secure payment platform.
- CERT-AGID collaborates with PagoPA’s security team to deactivate malicious domains and track associated IoCs.
- Users are advised to verify URLs carefully and be skeptical of requests for personal or banking information.
- Messages should be forwarded to CERT-AGID if there are doubts about their legitimacy.
MITRE Techniques:
- Phishing (T1566): The procedure involves sending fraudulent emails or SMS to lure victims into providing sensitive information.
- Credential Dumping (T1003): Phishing attempts to harvest user credentials through misleading payment portals.
Indicators of Compromise:
- [Domain] maliciosomail.com
- [Domain] pago-fake.com
- [Email Address] [email protected]
- [URL] http://malicious-site[.]com/payment
- [URL] https://secure-pago[.]com/login
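The URL check advised above, applied to the listed indicators, as an added example that is not part of the CERT-AGID notice: it refangs the domain and URL entries from this page's list and classifies each link in a message by hostname, so lookalike subdomains still match. The sample message and the `OFFICIAL_DOMAINS` allowlist are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Domain and URL indicators from this page's list (defanged).
IOC_LINES = [
    "[Domain] maliciosomail.com",
    "[Domain] pago-fake.com",
    "[URL] http://malicious-site[.]com/payment",
    "[URL] https://secure-pago[.]com/login",
]
# Assumption: allowlist of legitimate domains; confirm against official sources.
OFFICIAL_DOMAINS = {"pagopa.gov.it"}
URL_RE = re.compile(r"(?:https?|hxxps?)://[^\s<>\"']+", re.I)
# Constructed sample message, not a real capture.
SAMPLE = (
    "PagoPA notice: unpaid traffic fine. Pay within 48 hours: "
    "https://pagopa.gov.it.pago-fake.com/multa or "
    "hxxps://secure-pago[.]com/login Info: https://www.pagopa.gov.it/ "
    "and https://pagopa-gov.example/avviso"
)

def refang(value):
    """Undo common defanging: hxxp scheme and [.] / [. ] / (.) dots."""
    value = re.sub(r"[\[\(]\s*\.\s*[\]\)]", ".", value)
    return re.sub(r"^hxxp", "http", value, flags=re.I)

def host_of(value):
    """Return the lowercase hostname of a URL or bare domain."""
    value = refang(value.strip())
    if "://" not in value:
        value = "http://" + value
    return (urlsplit(value).hostname or "").rstrip(".").lower()

def ioc_hosts(lines):
    """Extract the hostname from each '[Type] value' indicator line."""
    return {host_of(line.split("]", 1)[1]) for line in lines}

def matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(message, iocs=None):
    """Label each link in a message as 'ioc', 'official' or 'unknown'."""
    iocs = ioc_hosts(IOC_LINES) if iocs is None else iocs
    hosts = [host_of(url) for url in URL_RE.findall(message)]
    return [(h, "ioc" if matches(h, iocs) else
             "official" if matches(h, OFFICIAL_DOMAINS) else "unknown")
            for h in hosts]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Links labelled `unknown` are the ones that need manual review: they match no listed indicator but are not on the allowlist either.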
Full Story: https://cert-agid.gov.it/news/campagne-di-phishing-a-tema-pagopa-false-sanzioni-stradali/