New phishing attempt against current account holders in recent days. This time, the customers of Monte dei Paschi di Siena are targeted by scammerswho are receiving a false message signed Mps on their mobile phones, asking them to provide their sensitive data with the sole aim of emptying the bank account of unwitting savers.
Scams, beware of false messages from Mps: the text of the SMS
As often happens on these occasions, the message sent by the hackers tries to obtain the login credentials of the accounts of Mps customers, with the excuse of an unlikely risk of security breach.
The alarm was raised by the consumer association Aduc, which reported the text of one of these fraudulent text messages: “Banca Mps. Your App. MPS is active on a new device in Lugano, if you are not you, block it at the tinyurl.com/allert-MPS-login portal “.
On its website, the association publishes the direct testimony of its press officer, a recent target of this phishing attempt, reporting the best practices to observe when receiving such messages (here we had explained in detail what phishing is).
Assuming that they are not holders of an MPS current account, the Aduc managers sifted through the text received, analyzing it in all parts, and discovering, for example, that “tinyurl.com/allert-MPS-login redirects to allsurgical.net/mps_t/… which at the moment does not work, and if we search allsurgical.net it tells us that access is not allowed because we do not have the necessary credentials. “
“While tinyurl.com is a kind of paid service that allows you to shorten your URLs to manage them better essentially on social networks. This is one of the many methods out there to induce the unfortunate to provide their credentials”Writes the association’s press officer.
Scams, beware of fake messages from Mps: how the phishing attempt works
The words of the message can be different every time, but in the sms there will always be a link on which you are asked to click and which represents the real bait of the scam. In this case, the address leads the unsuspecting account holder to a site apparently the same as that of Mps, in which the user is asked to fill in the username and password fields.
At that point the victim of the scam receives a phone call from a fake bank operator: “Generally this person, using impeccable language, reassures the victim, explaining that he will only have to dictate the password just received on the phone so that everything can be solved” explain from Aduc (here we talked about the last one scam with sms clearing the account of the “blocked card“)
“This happens even if you provide a telephone number equal to that of your bank, where on the other end of the line a person apparently informed but who has nothing to do with the bank and whose purpose is only to capture the credentials for the ‘access to the account ”again underline by the association.
“There are number camouflage systems that are so sophisticated that if you call back the same number as the bank after being called, you are redirected to the scammers without knowing it. When you receive such a text message, if you have any apprehensions, never follow the directions in the messagebut enter with your traditional encrypted systems on your account, calm down and inform your bank of the event “is the final recommendation (here to find out how recognize the scams of fake account clearing text messages).
–
