New phishing attempt against existing account holders in recent days. This time, Monte dei Paschi di Siena customers are being targeted by scammerswho receive a wrong message signed by Mps on their cell phones, asking them to provide their sensitive data with the sole aim of emptying the bank account of unintended savers.
Cheating, Beware of False Messages from Mps: SMS Text
As often happens on these occasions, the message sent by the hackers is trying to obtain the access credentials of Mps customer accounts, arguing that there is an unlikely risk of a security breach.
The warning was triggered by the consumer association Aduc, which reported the text of one of these scam text messages: “Banca Mps. Your app. MPS is active on a new device in Lugano, if you’re not, block it at tinyurl.com/allert-MPS- login “.
The association publishes on its website a testimony directly from its press officer, the final target of this phishing attempt, reporting best practices to consider when receiving such messages (here we explained in detail what phishing is).
Assuming they were not MPS current account holders, Aduc managers examined the text received, parsing it in all parts, discovering, for example, that “tinyurl.com/allert-MPS-login redirects to allsurgical.net/mps_t/ … Which doesn’t work at the moment, and if we look in allsurgical.net, it tells us that access is not allowed because we don’t have the necessary credentials.”
While tinyurl.com is a kind of paid service that allows you to shorten your URLs to basically better manage them on social networks. This is one of the many methods available To urge the unfortunate to present their credentialsThe press officer writes for the association.
Scams Beware of Fake Mps Messages: How a Phishing Attempt Works
The words of the message can be different each time, but in SMS there will always be a link that you will be asked to click that is the real bait for the scam. In this case, the address leads the unsuspecting account holder to a site that appears to be similar to Mps, where the user is asked to fill in the username and password fields.
At this point, the victim of the scam receives a phone call from a fake bank operator: “In general, this person, using impeccable language, reassures the victim, explaining that he will only have to dictate the password that you just received on the phone so that everything can be done It is solved” Explanation from Aduc (Here we talked about the latest scam with SMS that the “Blocked Card” account has been erased)
This happens even if you provide a phone number equal to the phone number of your bank, as it appears that on the other end of the line has informed someone but has nothing to do with the bank and is only intended to get the ‘Account Access’ credentials back Underline by assembly.
“There are number camouflaging systems so sophisticated that if you call the same bank number after calling, you will be redirected to the scammers without knowing it. When you receive such a text message, if you have any concerns, Do not follow the instructions in the messagebut to enter using traditional encrypted systems into your account, calm down and report the incident to your bank” is the final recommendation (here to learn how to identify fake account blank SMS scams).