A fake IT-Alert exploited the fear of the earthquake in Campania to defraud users

In another article we explained what the IT-Alert system is. Its testing phase involved all our regions and ended on Friday 13 October with the autonomous province of Bolzano.

Recall that IT-Alert is the national public alert system for Civil Protection information directed to the population. As a page of the official website explains, it is the “new public alarm system for direct information to the population, which sends useful messages to mobile phones present in a specific geographical area in the event of serious emergencies or of catastrophes that are imminent or in progress.”

In short: IT-Alert, which has just completed the testing phase, will, once active, allow the Civil Protection to inform the population, “with the aim of encouraging the adoption of self-protection measures in relation to the specific type of risk and the context of reference.”

The fake IT-Alert

This experimental phase, we imagine, will also have served to warn those who developed the tool, because there has been no shortage of scam attempts.

In an article, for example, we told you about the risk of phishing: messages sent by a fake IT-Alert inviting you to click on fraudulent links. From there it could have been a short step to stealing confidential data or emptying the bank account.

In the specific case of Campania, the fake IT-Alert amounted to profiteering, because it exploited the population’s fear of possible future seismic shocks. Let’s find out what happened.

The scam in Campania

As scheduled, the test in Campania was carried out on 12 September.

But since the 7th of the same month the Campi Flegrei area has experienced several intense seismic tremors, which are still continuing and which, despite not having caused significant damage to people or property, have understandably made the inhabitants apprehensive.

And so, exactly as happens with fake news, there are those who have seen fit to take advantage of a particularly emotional state.

This was reported by D3Lab, a company that deals with combating the phenomenon of phishing. The scam is based precisely on a fake IT-Alert, as well as on the fears of the citizens.

The false message

The campaign is linked to a website whose graphics are similar to the official one.

On the home page of the site, which can be reached via Android smartphone at https://italy-governo.site/, we read: “Due to the possible eruption of a volcano, a national earthquake could occur. Download the app to keep an eye on whether the region could be affected.”

At this point, if you are visiting from iOS, clicking the “Download” button takes you to the official website. For Android users, however, the link on the home page leads to a fake IT-Alert app. Anyone who downloads it will load malware from the SpyNote family onto their device.

SpyNote malware was created to access home banking systems. The risk is that of theft of credentials, usernames and passwords, but also access tokens for systems protected by two-factor authentication.


D3Lab explains what SpyNote is: “Known since 2022, it has strongly evolved, reaching the third version (SpyNote.C), and is usually sold through Telegram by its creator CypherRat. Once launched, the application prompts the user to run the application in the background and grant the threat actor full control of the smartphone through accessibility services, thereby ensuring the malware can monitor, manage and modify the device’s resources and functionality along with remote access capabilities.”

D3Lab adds: “As usual, we invite users to pay attention and not install new applications that do not come from the official stores.”
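
The two warning signs D3Lab names, an app that did not come from an official store and that holds an accessibility service, can be checked together on a device. The following is an added example, not code from D3Lab or from this article: it parses the text output of `adb shell pm list packages -3 -i` and `adb shell settings get secure enabled_accessibility_services`. The trusted-installer set, the sample output and the package names are assumptions constructed for illustration.

```python
# Assumption: installers treated as official stores on this device.
TRUSTED_INSTALLERS = {"com.android.vending"}

def parse_installers(pm_output):
    """Parse `pm list packages -3 -i`: package -> installer (None if unset)."""
    installers = {}
    for line in pm_output.splitlines():
        fields = line.strip().split()
        if not fields or not fields[0].startswith("package:"):
            continue
        installer = None
        for field in fields[1:]:
            if field.startswith("installer="):
                value = field[len("installer="):]
                installer = None if value in ("", "null") else value
        installers[fields[0][len("package:"):]] = installer
    return installers

def parse_accessibility_services(setting_value):
    """Parse the colon-separated `package/class` list; 'null' means none."""
    value = setting_value.strip()
    if value in ("", "null"):
        return []
    pairs = (c.partition("/") for c in value.split(":"))
    return [(pkg, cls) for pkg, _, cls in pairs if pkg]

def flag_sideloaded_accessibility(pm_output, setting_value):
    """Third-party apps with an enabled accessibility service and no trusted installer."""
    installers = parse_installers(pm_output)
    return [
        {"package": pkg, "service": cls, "installer": installers[pkg]}
        for pkg, cls in parse_accessibility_services(setting_value)
        if pkg in installers and installers[pkg] not in TRUSTED_INSTALLERS
    ]

# Constructed sample output (package names are placeholders, not real indicators).
SAMPLE_PM = """\
package:com.example.passwordmanager  installer=com.android.vending
package:com.example.fakealert  installer=null
package:com.example.flashlight  installer=com.android.vending
"""
SAMPLE_A11Y = (
    "com.example.passwordmanager/.AutofillA11yService:"
    "com.example.fakealert/com.example.fakealert.CoreService"
)

if __name__ == "__main__":
    for finding in flag_sideloaded_accessibility(SAMPLE_PM, SAMPLE_A11Y):
        print(finding)
```

A finding is a prompt for review, not a verdict: legitimately sideloaded accessibility tools will also appear in the list.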

How to recognize fake IT-Alerts

IT-Alert will come into operation starting from February 2024.

This means, first of all, that the system will not send any messages before then. Remember, too, that IT-Alert does not send an SMS but a push message, which only involves providing consent by pressing the “OK” button that appears on the smartphone screen.

Furthermore, the sound alert of the message is provided through “a sound that is easily recognizable and different from classic ringtones.”

Finally, the Civil Protection reminds us that “the system is one-way (from the telephone operator to the device) and does not allow receiving any type of return data or feedback from the cell phones reached. This means that no personal data of the person receiving the message is processed in any way by the Department of Civil Protection and by the relevant telephone operator.”

Walker Ronnie is a tech writer who keeps you informed on the latest developments in the world of technology. With a keen interest in all things tech-related, Walker shares insights and updates on new gadgets, innovative advancements, and digital trends. Stay connected with Walker to stay ahead in the ever-evolving world of technology.