Share

FIRSTonline Banner

Web pirates, a new attack: from the masked guarantor to the "Truman Show" scam

"Urgent" messages and invitations from the Revenue Agency and even from consumer associations. But it's all fake. With the new year, even more sophisticated deceptions and traps are emerging, leveraging the latest advances in social engineering. But we can protect ourselves.

Web pirates, a new attack: from the masked guarantor to the "Truman Show" scam

A reassuring sender, like the Revenue Agency or a trusted friend who writes to us via WhatsApp. To accompany the message, here's a small but very clever injection of fearThe game is done, according to the intentions of the internet scammers. It's true that we have learned, little by little, not to fall for it. But with the perverse refinement of social engineering, that is, psychological manipulation via the web to steal sensitive information and guiding behaviors, the fight against cybercriminals who try to steal our trust, and above all our money, becomes even more difficult.

Many people fall for it, even some self-proclaimed experts in online living. The new trick? Skillfully blending signals of trustworthiness with clever hints of urgency, along with the accompanying anxiety. Not to mention the old lure that still works: the unmissable offers to make money, provided of course that feedback is given immediately and precisely.

Identity theft remains the undisputed protagonist. Are citizens becoming more cautious? The internet scammer is upping the ante and perfecting his techniques. There's no shortage of truly insidious innovations. Here's a selection, complete with warnings coming directly from the institutions criminally implicated to make the scams more subtle and powerful. As always, they follow variable patterns, but fortunately, they have very similar frameworks. Allowing us, in their goodness, to raise the antennas to understand that something is not working.

The cloned Spid becomes even more sneaky

Spid, the certification method that marries our unique identity to the services of the public administration, remains in the crosshairs also due to the sensational security flaws which seriously call into question its primary purpose.

The stop is repeated with worrying frequency by the Postal Police, directly from theAgency for Digital Italy, but the latest criminal campaign by cyber pirates is taking on even more sophisticated and devious contours in recent weeks.

Web criminals spread a completely random and massive Phishing via email, inviting the citizen to urgently log in, through a well-defined but obviously fake link, to what appears to be the Revenue Agency's reserved area. The SPID login page is very similar to the official one, but with one difference: we are not only asked for our credentials, but also for a "verification check" with the invitation to re-enter our details. personal data sensitive information, from your tax code to your residential address, as well as a passport-sized photo of us.

We enter our digital identity credentials and the requested data. And here is the "simple" or "linked" scam. In the first case, which in any case has disastrous results for us, we become victims of a total identity theft which cybercriminals use to assume our appearance to carry out a potentially endless series of fraudulent operations. Starting from a practice that is becoming a classic and which is based precisely on intrinsic weakness of the Spid system.

With the data stolen to assume our digital form, a new, parallel SPID is simply activated, which doesn't deactivate the original one but duplicates it. Yes, because although even the institutional architects of SPID still don't seem to realize it, it's entirely possible to activate more than one SPID registered to the same person with absolutely equivalent functions. We can imagine the disasters that could ensue. And how appropriate it is. generalized replacement of the Spid – as the current government had also announced – with the much more secure electronic identity card, which has identical functions but much more effective protections.

But criminals aren't satisfied with this, and in many cases they give us an immediate taste of the disaster to come. How? Here's the "chained" approach: our first login, which is used to steal our identity, is accompanied by the notification of a fine—not so severe as to raise our alarm—to be paid via a bank transfer to bank details that, upon closer inspection, reveal themselves to be associated with a foreign account that eludes the new requirement of rigorously matching the IBAN to a specific name in order to properly complete the transaction.

Let's not fall for it. At the first vague sign of possible fraud, we contact the institution directly which masks criminals through toll-free numbers or by rigorously logging into their official web pages.

The little dancer who traps you

The message comes from a known contact, a friend we trust. Unfortunately, the "friend" account has already been compromised, perhaps thanks to the same scam the fake friend is trying to trick us into. It's not them who's writing to us, but the scammer. The text is accompanied by a photo of a little girl participating in a fictional dance competition. How could we not respond to the invitation to vote for that sweet image by clicking the link provided? That's the trick, the scam.

Clicking on the link opens a page that appears only after an equally phantom anti-fraud procedure: you must enter your mobile phone number, which we must indicate, to which we will receive a validation code via SMS. In reality, this activates one of the methods that allow you to install the web version of WhatsApp on your smartphone as an alternative to the procedure that requires scanning a QR code. Unfortunately, when we enter our mobile phone number and codes along with our personal data, it is the cybercriminals themselves who to take control of the newly activated WhatsApp account. And so identity theft begins, with its first operational consequence.

At this point the dancer's scam generally follows this script: while trying to multiply the number of scammed people by distributing with the fake account further invitations to strengthen the garrison of deception, the family and friends of the real account holder (this is level two, the one of the real scam that is being attempted to be carried out successfully) are reached by a request, motivated by a sudden urgency, of to pay a sum of money with a bank transfer to the usual fraudulent IBAN, certified on a foreign account.

Implicit advice: for every request for money, we should check directly with the recipient of the message we received before taking any action. A childish but appropriate recommendation, given the number of victims the "fake dancer" continues to claim even today.

Excellent investment? The fake guarantor certifies it.

Woe betide anyone who doubts the leading and esteemed consumer association Adiconsum. But no. It is Adiconsum itself that... complaint: Internet criminals copy the brand, build a website, hook the customer, and pamper them with recommendations. What recommendations? That of confidently investing their savings through an intermediary, providing extensive and detailed guarantees.

Adiconsum has just realised that it is itself a direct victim of financial investment scams after having spread a warning just two days earlier. detailed warning on one of the most subtle and sophisticated modalities of these deceptions, the so-called scam of Truman show, the 1998 film in which the protagonist (played by Jim Carrey) is unknowingly immersed in a film set.

The Truman Show scam works like this. We receive text messages inviting us to move the exchange of information to a WhatsApp or Telegram group. This cleverly depicts a forum composed of financial advisors and expert members of the group, complete with certifications of their successes, accompanied by fake newspaper articles and images created with artificial intelligence. This all leads to an intense exchange of opinions, advice, and compliments among the group members. In reality, it's all done with a simple WebView loaded onto a servers in the hands of scammersThe decoy site features textual and visual content that falsely demonstrates, through what appears to be a professional trading platform, a series of graphs on financial operations from growing profits.

Participate? Why not. Perhaps with the prudential contribution of limited sums. At that point we fall into the trap of trap Some requests: a copy of an ID, a passport-sized selfie, sensitive personal information, and of course an initial deposit via bank transfer, cryptocurrency transfer, or other methods to activate our unmissable investment. These sums will vanish into thin air. And in the meantime, we're opening the door, here too, to massive identity theft. With all the possible (or rather, more than probable) consequences.

comments