
Phishing via PEC: how to defend against scam attempts 

This article examines what PEC phishing is, how to recognize signs of a phishing attempt, and which measures to adopt to protect sensitive data. 

Table of contents

  • What PEC phishing is and how it works 
  • Signs of a PEC phishing attack
  • Examples of PEC phishing: PEC phishing from Aruba and other common cases 
  • How to protect your PEC account and sensitive data 
  • What to do if you fall for a PEC phishing attempt 

The phenomenon of phishing has seen a steady increase, and certified email (PEC) has also become a target for scammers. 

PEC, which ensures the authenticity and traceability of communications, is now widely used by businesses, professionals, and citizens, especially in Italy, where it is also utilized for interactions with public entities like the Revenue Agency and INPS (National Institute for Social Security). 

Unfortunately, due to its institutional use, PEC has become an appealing channel for phishing attacks aimed at stealing sensitive information and login credentials.

Online scams through PEC phishing can take various forms, so understanding how these attacks operate and how to defend against them is essential for avoiding personal and financial harm. 

What PEC phishing is and how it works 

PEC phishing is a social engineering technique in which attackers send fake communications to deceive recipients and convince them to click on links within the messages.

These messages appear to be from official entities such as INPS or the Revenue Agency but are, in fact, fraudulent attempts to steal personal data and sensitive information.

Scammers often use the names of known institutions and addresses that appear authentic to disguise the phishing attempt and prompt the user to trust the communication.

Example:
In a typical PEC phishing scheme posing as INPS, a user might receive an urgent message requesting them to update their login credentials or verify their account, threatening loss of access to essential services if they fail to act.

Signs of a PEC phishing attack

Identifying PEC phishing requires caution, as fraudulent messages are often crafted to look credible. However, some indicators can help to unmask these scam attempts.

One common sign is the presence of suspicious links that, when clicked, redirect to cloned or fake sites designed to steal sensitive data like credit card numbers or passwords.

These links in the message may be disguised, so it’s important to avoid clicking on them without first verifying the message’s authenticity. 

Another sign of PEC phishing is the use of an email address that appears similar but doesn’t exactly match the official institution’s address. Scammers often make small changes to bypass PEC inbox filters and make the communication look authentic.

Finally, language that emphasizes urgency or the need for immediate action is another typical element of online scams.
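The three signs above (lookalike sender address, link text that hides the real destination, urgent wording) can be checked mechanically. The following is an added example, not part of the original article; the trusted domains, the 0.85 similarity threshold, the urgency word list and the sample message are all assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: replace with the PEC domains of your real correspondents.
TRUSTED_DOMAINS = {"pec.agency.example", "pec.provider.example"}
URGENCY = re.compile(r"\b(urgent|immediately|suspended|suspension)\b", re.I)
SAMPLE_SENDER = "comunicazioni@pec.agencv.example"  # constructed, as is SAMPLE_BODY
SAMPLE_BODY = ('<p>Mailbox suspended: update your data immediately.</p>'
               '<a href="https://portal.example.net/x">https://pec.agency.example/x</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from an HTML message body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def lookalike_of(domain):
    """Return the trusted domain this one closely imitates, else None."""
    if domain in TRUSTED_DOMAINS:
        return None
    return next((good for good in sorted(TRUSTED_DOMAINS)
                 if SequenceMatcher(None, domain, good).ratio() >= 0.85), None)

def phishing_signs(sender, html_body):
    """List the warning signs found in one message (empty list if none)."""
    findings, domain = [], sender.rsplit("@", 1)[-1].lower()
    if imitated := lookalike_of(domain):
        findings.append(f"sender domain {domain} resembles {imitated}")
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = (urlparse(href).hostname or "").lower()
        shown = re.search(r"[\w.-]+\.[a-z]{2,}", text.lower())
        if shown and shown.group(0) != host and host not in TRUSTED_DOMAINS:
            findings.append(f"link text shows {shown.group(0)} but opens {host}")
    if URGENCY.search(re.sub(r"<[^>]+>", " ", html_body)):
        findings.append("urgent or threatening language")
    return findings
```

Calling `phishing_signs(SAMPLE_SENDER, SAMPLE_BODY)` reports all three signs for the constructed message. An empty result only means none of these heuristics fired, not that the message is genuine.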

Examples of PEC phishing: PEC phishing from Aruba and other common cases 

One of the most well-known cases is Aruba PEC phishing: several users have received fake communications that seem to be from the certified email provider Aruba.

In these messages, scammers request that users click a link to avoid service suspension or to confirm billing details. Aruba itself has warned its users, reminding them to carefully verify each message and never provide personal information without thorough verification. 

Similarly, PEC phishing attacks often use the names of public entities such as the Revenue Agency and INPS.

Example:
In a Revenue Agency PEC phishing case, the message might contain payment information or notices related to tax practices, while in an INPS PEC phishing case, it might be a notice to update social security data or bank details. 

In both cases, scammers aim to persuade the user to click a link to update their information, risking the security of their email account. 

How to protect your PEC account and sensitive data 

Protection against PEC phishing requires a combination of awareness and security practices. First, it’s essential to always verify the authenticity of communications: if you receive a message asking you to click a link or update information, check the sender’s email address for any errors or discrepancies. 

Another security measure is to avoid clicking on links directly within the suspicious PEC email. Instead, it’s better to type the official institution’s website address directly into the browser, thus avoiding links in phishing messages.

Additionally, using tools like two-factor authentication adds a layer of protection for sensitive data.

Users should also train themselves and stay informed about the most common phishing attack methods by consulting reliable resources.

Many public entities and service providers offer dedicated sections on cyber security, where you can find information on the latest scam attempts and how to defend yourself. 

Finally, installing security software and keeping devices used to access your email account updated is essential to prevent phishing attempts from succeeding. 

What to do if you fall for a PEC phishing attempt 

If you accidentally click on a PEC phishing link, it’s important to act immediately. The first step is to change the login credentials for your PEC account and any other accounts that might have been compromised.

Contacting the customer support of your PEC provider, as in the case of Aruba PEC phishing, can help to resolve the situation. 

Additionally, it’s important to report the incident to the relevant authorities, such as the Postal Police, to contribute to the fight against online scams.

Notifying the Revenue Agency or INPS, in cases where phishing targeted these entities, can also be helpful to prevent others from being deceived. 
