THE'Revenue Agency invites public administrations, private structures and persons registered with professional associations to monitor the correspondence received through PEC (Certified Electronic Mail), the reason for this alert should be sought in a recent campaign phishing who would be targeting in particular those who have to manage electronic invoices.
To make this attempt at deception particularly insidious would be the fact that it is based on a message taken word by word from a previous sending of theSDI, the Interchange System at the base of Electronic Invoicing. To characterize it would be in particular the object "File Submission
The purpose of the phishing campaign would seem to be to collect sensitive data from the recipients, information that could be useful to launch a further, even more targeted attack. Fortunately, there are several ways in which to recognize a secure PEC email from a message specially packaged for an attempted fraud.
In this regard, the Inland Revenue itself recalls that the senders of communications sent by the SDI are characterized by the format "[email protected]", where is it "NN"is a progressive 2-digit number. Pay attention to the fact that the attachments must always be two, the SDI does not in fact send emails without attachments or with a single attachment.
Among the other elements that should invite caution, there is also the fact that PECs for phishing often invite recipients to send their communications to a sender other than the current one. A request of this type, completely abnormal with respect to the procedures of the SDI, should be sufficient to decide to trash the message.