The alarm comes, as always in these cases, from Commissariato di PS online – Italy, the official Facebook profile of the State Police. So, it is not the usual hoax inflated to art, but a real danger, which could put at risk our finances. As you can read on Facebook, in fact, a new large-scale phishing campaign is underway that aims directly at the savings of the users.
According to what reported by the men of the State Police, in fact, the hackers would have targeted the customers of Poste Italiane and, in particular, the owners of PostePay cards. As often happens, in fact, cybercriminals aim to take possession of the access data to the web profile connected to the Poste Italiane rechargeable cards, so they can steal money without leaving any traces. In short, a kind of perfect theft that fortunately can be easily shielded: you just need to know how to defend yourself against phishing and social engineering and that’s it.
How the scam against PostePay works
The hacker attacks underway in recent days, although different, have many traits in common. First of all, the channels used to intimidate users and force them to hand over the access credentials to their PostePay account. Cyber criminals use SMS, Facebook Messenger and WhatsApp to contact users directly and try to scam them. The various scam attempts also share the same tactics used by the hackers: social engineering and phishing. A combination that, by appealing to the fears of users and particularly intimidating messages, manages to leverage the subconscious of Poste Italiane customers, thus getting them to hand over their PostePay account access credentials.
How to defend yourself against PostePay scam
As with any phishing attack attempt, there are some “common sense” tricks that allow you to neutralize the hackers’ techniques and keep your data and money safe. First of all, be wary of supposed service centers that show up on messaging apps without you having contacted them. Then, never click on links in messages that are at least dubious: if you really need to access your profile, do it through the official portal, maybe by searching on Google (just to make sure you’re not typing it wrong). Dulcis in fundo, never communicate your credentials via SMS or WhatsApp: in addition to being your “property” (would you ever give your home to the first person who passes by? Then why do you do it with your username and password?), your bank would never contact you to ask for such confidential information on platforms often used by hackers.