New phishing attempt against existing account holders in recent days. This time, Monte dei Paschi di Siena customers are being targeted by scammerswho receive a wrong message signed by Mps on their cell phones, asking them to provide their sensitive data with the sole aim of emptying the bank account of unintended savers.
Cheating, Beware of False Messages from Mps: SMS Text
As often happens on these occasions, the message sent by the hackers is trying to obtain the login credentials of Mps customer accounts, arguing that there is an unlikely risk of a security breach.
The warning was triggered by the consumer association Aduc, which reported the text of one of these scam text messages: “Banca Mps. Your app. MPS is active on a new device in Lugano, if you’re not, block it at tinyurl.com/allert-MPS- login “.
The association publishes on its website the direct testimony of its press officer, the final target of this phishing attempt, reporting best practices to consider when receiving such messages (here we have Explain in detail what is phishing).
Assuming they were not MPS current account holders, Aduc managers examined the text received, parsing it in all parts, discovering, for example, that “tinyurl.com/allert-MPS-login redirects to allsurgical.net/mps_t/ … Which doesn’t work at the moment, and if we look in allsurgical.net, it tells us that access is not allowed because we don’t have the necessary credentials.”
While tinyurl.com is a kind of paid service that allows you to shorten your URLs to basically better manage them on social networks. This is one of the many methods available To urge the unfortunate to present their credentialsThe press officer writes for the association.
Scams Beware of Fake Mps Messages: How a Phishing Attempt Works
The words of the message can be different each time, but in SMS there will always be a link that you will be asked to click that is the real bait for the scam. In this case, the address leads the unsuspecting account holder to a site that appears to be similar to Mps, where the user is asked to fill in the username and password fields.
At this point, the victim of the scam receives a phone call from a fake bank operator: “In general, this person, using impeccable language, reassures the victim, explaining that he will only have to dictate the password that you just received on the phone so that everything can be done It is solved.” Explanation from Aduc (we talked here about the last one SMS Scam Wipe ‘Blocked Card’ account“)
This happens even if you provide a phone number equal to the phone number of your bank, as it appears that on the other end of the line has informed someone but has nothing to do with the bank and is only intended to obtain the ‘Account Access’ credentials again underline by assembly.
“There are very sophisticated number camouflaging systems so that if you call back the same bank number after calling it, you will be redirected to scammers without knowing it. When you receive such a text message, if you have any concerns, Do not follow the instructions in the messagebut you have to go in using traditional encrypted systems into your account, calm down and report the event to your bank” is the final recommendation (here’s to see how Learn about account erase fake text message scams).
“Infuriatingly humble social media buff. Twitter advocate. Writer. Internet nerd.”