L’Revenue Agency communicated the onset of a new wave of spam which uses the name of the agency to deceive the recipients of the messages. Although for the most knowledgeable people on the subject the problem may seem minor, in reality the threat could be vast: if the entity has gone so far as to communicate what emerged, obviously the numbers of the attack are worrying and the reactions of taxpayers could have generated more of a problem.
Revenue Agency: watch out for malware
The emails refer to “The director of the Revenue Agency” or “The organs of the Revenue Agency”, and contain texts such as:
from the examination of the data and balances relating to the Disclosure of periodic VAT eliminations, which you showed for the second quarter of 2019, some inconsistencies emerged.
It should be clear to everyone that the Revenue Agency does not report any problems via email, nor is the Director of the agency directly dealing with them. The goal of the email is to lead the taxpayer to open the attachment (apparently an Excel file) and according to the Agency’s findings such files contend for malware not better specified, “in order to subsequently acquire confidential information“.
This is the notice issued as a result:
The Agency recommends taxpayers to always carefully check the messages received and, if these appear suspicious, especially if the senders are unknown, not to open the attachments or follow the links in the emails (also to avoid damage to their PCs, tablets and smartphone) and trash them. Furthermore, he specifies that communications containing personal data of taxpayers are never sent by e-mail. Personal information can only be consulted in the tax drawer, accessible through the reserved area on the Revenue Agency website.
Over the past few months, more people have begun to manage some practices online, have begun tending their inbox, and then have begun to deal with problems they previously didn’t know existed. The improvised opening of such an attachment is therefore unfortunately a very common case. The advice is always the same, but it is worth remembering them for the purposes of the necessary disclosure:
- do not open attachments whose origin you are not sure of
- ignore emails whose origin cannot be ascertained (especially when they require opening an attachment or clicking on a link)
- make sure you have an antivirus installed and updated (a few euros of investment, see the offers available)
- keep the operating system up to date by installing monthly patches
Keeping the attention threshold high is essential to prevent attacks of this type from being successful, giving attackers the opportunity to carry out initiatives that can cause serious damage to both private and corporate PCs.