Sunday, April 28, 2024

Vogon Today

Selected News from the Galaxy

StartMag

Scams to Nexi customers, all the details

1 year ago babelfish

Scams to Nexi customers, all the details

After the scam against Poste Italiane account holders, reports of scams to Nexi customers are increasing on the web. A text message extorts data and money from the unwary. And the victims sue the Italian PayTech directly

The latest bait launched by cybercriminals targets Nexi customers, an Italian PayTech company that offers digital payment services and infrastructures, but in reality similar text messages, more or less credible, bear the name of the most widespread banks. And when the sender catches a customer, shooting randomly, the game is done.

THE SMS TO EXTORT MONEY

“NEXI informs you that it has limited your card/account due to failure to verify web security; Reactivate it now”. Read with a cool head, that message complete with a suspicious link is obviously a trap. However, you have to put yourself in the shoes of someone who suddenly receives it and clicks without thinking too much about it, fearing that suspicious transactions or technical interventions will prevent access to the account.

Because we are all, at least in words, supporters of the immateriality of money, but the real consequence is never really feeling like owners of what we have in our account and that a handful of bits, 1's and 0's arranged in an incomprehensible way, can be easily transferred, with one click, evaporating discrete sums of money in a second.

Also because if it is true that operations, when they take place along banking and digital channels, always leave a trace, it is equally true that servers located across the ocean and hackers skilled enough to cover their tracks do not make it equally easy to recover the stolen goods .

HOW SCAMS HAPPEN TO NEXI CUSTOMERS

Frauds to Nexi customers increased in the autumn even though similar text messages have been around for at least two years. One of the first victims had decided to overcome the embarrassment and tell the consequences of his naivety (which cost him over 2,000 euros) to South Tyrol : I entered, but nothing happens. I then receive a second message, in which I am warned that the operation is not correct and I will be contacted by an operator. Not even ten minutes go by and the call arrives: “The area code is for Milan and there is a person on the phone who speaks correct Italian. 'We became suspicious about some foreign operations on his account,' he tells me. Since it had already happened to me when I was in other countries and I had really made payments abroad, it seems normal to me to receive such a call. But this time I'm in Italy and I'm alarmed: has someone cloned my card? The operator asks me to confirm the last 4 or 5 operations I have done, providing me with the details, which helps me to believe that he is truly a Nexi employee. 'We have to stop operations,' he adds. 'However, you must give me the codes that arrived via text message'. I give him 2 or 3. At a certain point, however, the doubt comes to me: 'Who can guarantee me that you are not a hacker?', I ask him. 'Don't worry: we work to protect customers', is the man's answer, who asks me for another code which I don't provide, however. And fortunately: I would have lost another 600 euros. He dismisses me saying that he will call me back tomorrow”.

In just a few days last fall, the scam authors built a site identical to the original to trick victims into releasing their data by putting psychological pressure on them with excuses along the lines of those reported so far. u

Often to defend themselves against this kind of scam, which once arrived with emails written in an unconvincing Italian while now they have become more refined (after all, there are free translators who can simulate any language, even if in this case the gang of hackers seems to have all internal extension at least one Italian, author of the calls), it would be sufficient to take a look at the link to notice a suspicious URL or one that does not fully correspond to the real one and immediately send a report to the State Police www.commissariatodips.it (which has just published the report with the activities), which for its part has a news section promptly updated with the threats of the last period.

But even in that case it could be too late: one click too many to view the URL could in fact expose us to malware and trojans aimed at extorting all our data anyway. It is surprising that the Italian PayTech, at least at the moment, says nothing either on the site, not even in theonline security section, or on social networks. Perhaps the collective action against the digital payment company presented by a group of hackers scammed will also be based on this. In February the first hearing.

This is a machine translation from Italian language of a post published on Start Magazine at the URL https://www.startmag.it/innovazione/truffe-ai-clienti-di-nexi-tutti-i-dettagli/ on Sun, 08 Jan 2023 19:08:57 +0000.