The Inland Revenue would have confirmed the existence of a phishing campaign based on sending messages via Certified Electronic Mail (PEC), such malicious communications would be sent in the name of the Italian Tax Authority in order to deceive the recipients by leveraging the well known fear of citizens for this institution.
The statement underlines the fact that the PEC addresses used for deception attempts would be formally valid but not belonging to the Inland Revenue, the messages would be addressed both to private individuals and professionals with the intention of creating as many victims as possible and increase the range of the campaign.
To characterize the fraudulent messages would be primarily the object of the communication that would present a code very similar to those normally used by the Agency to register the mailings, the format chosen would correspond in fact to "COMMUNICATION XXXXXXXXXX (ENTRY | AGEDCXXX | REGISTER" that easily could mislead recipients.
The real danger should however be represented by the attachment associated with the message, specifically a compressed archive in Zip format which in turn would contain an invalid PDF document and a VBS file. The latter would have been packaged with the aim of downloading a malware designed to take control of the target system.
According to some reports, the malware would function as a sort of ransomware by subtracting data from the attacked terminal. The seizure of the information would be followed by a request for redemption, but to date it is not known whether some of the users involved have provided for its payment and whether this has served to regain possession of the stolen property.