As we told you in a recent article, after a pause of a few weeks the IT-alert public alarm system has again started sending its (deliberately) highly recognizable sound messages to new regions of our country.
Later we will review the calendar with the next regions involved. For now we will focus on other things. That is, on the fact that the virtuous instrument managed by the Civil Protection hides, despite itself, some pitfalls. In fact, it seems that IT-alert is at risk of phishing.
Let’s first remember what IT-alert is, and then see how it can be used by hackers to plot scams.
As is well explained on a page of the site dedicated to the service, IT-alert is the “new public alert system for direct information to the population, which sends useful messages to mobile phones in a specific geographic area in the event of serious emergencies or imminent or ongoing disasters.”
The warning is provided precisely through “a sound that is easily recognizable and different from classic ringtones.” The objective is to minimize individual and collective risks in cases of disasters.
IT-alert and phishing
Hackers are, by definition, cunning, and they are increasingly sophisticated in their attempts at deception.
That is, they exploit situations in which less wary recipients see no reason to doubt. They did so in recent months, when they sent messages that looked as if they had come from our bank, leveraging the relationship of trust.
And in the case of IT-alert, how can we think about phishing? It is a tool in the testing phase which, once operational, will have great importance. Above all, given that in recent times there has certainly been no shortage of natural disasters in our country.
The fake message
It is precisely by exploiting the official status of the national public alert system, and the fact that it is above suspicion, that the hackers would act.
Adrianus Warmenhoven, cybersecurity advisor for NordVPN, raised the issue. The scam would be facilitated by the fact that “many people are not yet familiar with the concept of an alert message and what the message itself looks like.”
It is therefore easy for bad actors, taking advantage of the population’s partial knowledge of the tool, to send SMS that refer to fraudulent links. The usual process to extort personal data or money, in short.
The importance of information
For this reason, Warmenhoven continues, it is more important than ever to explain the type of alert of the IT-alert system with the utmost precision. The system doesn’t send any SMS but rather a push message, that is, a communication that only involves providing consent by pressing the “OK” button that appears on the smartphone screen.
The advice, in these days of testing, is therefore twofold. First, any SMS linked to IT-alert is a potential phishing attempt, so it should be ignored. It would also be good practice to notify the competent authorities.
The data theft hoax
The phishing attempt using IT-alert has some relation to something halfway between hoax and conspiracy theory, which had taken root on social media as soon as the public alert service was presented.
There were those who cried foul, pointing to IT-alert as a devious tool for population control.
Instead, explained the Civil Protection, “the system is unidirectional (from the telephone operator to the device) and does not allow receiving any type of return data or feedback from the cell phones reached. This means that no personal data of the person receiving the message is processed in any way by the Department of Civil Protection and by the relevant telephone operator.”
And even the questionnaire to be filled out in this testing phase “does not require any personal information, except the city of residence, the brand of the smartphone and the telephone company used, information necessary to evaluate the quality of the service”.
Meanwhile, tests of the national public warning system continue.
On Tuesday 19 September it is the turn of Basilicata, Lombardy and Molise. On the 21st it will be the turn of Lazio, Valle d’Aosta and Veneto, and on the 26th that of Abruzzo and the Autonomous Province of Trento. Liguria closes on 27 September and the Autonomous Province of Bolzano on 13 October.
We remind you that the messages reach citizens (with the phone active) around 12.00.