Identity theft is on the rise. Here are the new tricks used by web pirates.

Internet scammers are inventing something even more daring. They study, apply themselves, use their imagination, and don’t stop. Defenseless citizens? It’s quite a challenge. They are criminally skilled, increasingly sophisticated. We are willing fighters. But woe betide anyone who has a moment, even a moment, of distraction. Identity theft is definitely the new frontier. Disguised in our personal details, the criminal can attempt anything: from signing installment contracts, grabbing the asset and then disappearing, to… clandestine sale of one of our properties at a rock-bottom price, perhaps contenting ourselves, after the probable discovery of the deception, with only the deposit paid by the unwary buyer (if we’re lucky).

FIRST online has published a series of tutorials to help us face the pitfalls: from the fearsome attacks on our PEC ai fake airline tickets that leave us on the ground, from scam phone calls on energy and telecommunications contracts to criminal organizations that duplicate our identity to rob us or commit crimes crimes in our name.

We have explained to you how to recognize phishing (the deceptive message that diverts us to a fraudulent procedure) and how to activate a first level of defense to build our own telematic barricadesBut the thieves of the third millennium are developing increasingly sophisticated strategies, increasingly imaginative and dangerous tools. Let’s try to keep up to date with some examples. To add them, if possible, to our defense arsenal.

Identity theft is spreading through Spid credentials

SPID, the electronic means of validating our identity presented as secure and inviolable, is actually leaking from all sides. It’s true that it theoretically has only a few months left before being eliminated and permanently replaced by the electronic identity card. But in the meantime, it’s causing a lot of trouble. For the simple reason that each of us can have multiple SPIDs, all fully enabled to access public and private services. Perhaps a professional SPID, which for some types of service could create a… some problems and one from a “normal” citizen. The problem is that a cyber criminal equipped with some skill, but above all with our essential references and a copy of one of our documents of identity, can activate a SPID registered in our name but operated by him without us knowing. This forces us to undergo a complex check with all Italian SPID providers if we want or need to verify the existence of a second (or perhaps a third) SPID in our name.

What can happen? It happens – there is no shortage of cases – that the criminal pretending to be us uses the illegitimate SPID to access, for example, the INPS website or the Revenue Agency website to change the IBAN of pension credit or perhaps tax refunds due to us when we file our tax return.

Countermeasures? We frequently check the accuracy of the data entered into the portals that now control our lives, and a good portion of our money. And at the slightest suspicion or finding, we send a certified email to the service provider targeted by the cyber thief and simultaneously enforce compliance. report to the police.

The new cloning massacre via social media

Facebook profile cloning (and not only) is an old thing, but in recent times the phenomenon has seen a strong resurgence. In the case of Facebook, everything develops in a intrinsic weakness of the primordial social network: public profiles are virtually entirely accessible, including the friends view. In this case, the scammer opens a clone profile with the target’s name, carefully scans the associations among the groups of friends, and identifies a potential friendship to ask for between three people potentially known to a certain person but not yet on their friends list. The goal is to introduce yourself as a friend met and once they have gained their friendship, take advantage of it to weave a web of deception: for example, a request for temporary financial assistance, or the “warm advice” of a highly profitable financial investment platform.

Countermeasures? At the slightest suspicion we contact our friend “live” or ask him reveal the cards even via message asking for feedback on facts or circumstances that only the “true” friend can know.

The “Portuguese” WhatsApp scam is growing.

This scam isn’t entirely new, but it’s been gaining popularity again in recent weeks. It’s called “Portuguese” because it initially involved a text or WhatsApp message from a number with a Portuguese prefix, but now Spanish and French prefixes are the most popular. Here’s the scam: a message from a headhunter On behalf of a multinational company, they inform us that we’ve been selected for a lucrative employment contract and invite us to a hands-free interview via WhatsApp to discuss further. Our contact will provide us with some interesting information, but to “go deeper,” they’ll ask us to provide copies of our documents, perhaps even our IBAN, as proof of our availability for a small initial payment. “advance” compensation as a sign of their seriousness. If we fall for it, the game is over. The scammer has what it takes to attempt identity theft.

Beware of the prying eye of our video camera

What can we say about the recent headlines? Can a famous person really be so reckless as to keep a web-connected video camera running in their bedroom without carefully blocking access? Let’s put it another way: the prying eye of webcams follows us all every day. There are home cameras, but there’s also the webcam on our laptops or cell phones. Prey to intrusions, not easy but not impossible, of any good hacker, perhaps at the service of the thief who explores our house to see if it is worth attempting a theft.

But there’s another way for our images and videos to escape, which isn’t often talked about but represents a huge danger. Everything we store on our smartphone can be hacked by a skilled cyber thief, with a Bluetooth or WiFi connection clandestine activated as needed by another device nearby.

Countermeasures? If possible, try not to store “sensitive” material on your smartphone. And in any case, only activate your smartphone’s Bluetooth and Wi-Fi when you really need them. Meanwhile, protect access to your home cameras with a personal password. Like all passwords, it must be complex and contain numbers, digits, and special characters, different from the default one and also different from any passwords entered by the system installer.

Telemarketing, is the torment over? It’s not true.

We dedicate the final chapter to an old acquaintance: the massacre of commercial phone calls that each of us receives every day also thanks to the trick of caller ID spoofing (link), the fake number that appears when they call us and that prevents identification our interlocutor and track his scams. It should be noted that the “opt-out register” to which one can subscribe to revoke all consent to commercial calls, later extended to mobile phones as well, does not workThere are 32 million confident registrations in the Registry, but the operators hide behind spoofing and operate undisturbed.

The Government and the Communications Authority promised, promise and are theoretically implementing a series of more effective countermeasures To thwart uncontrolled telemarketing, preventing telecommunications operators from forwarding calls appearing to be from landline numbers unless the authenticity and true origin of the numbers is adequately verified “instantly” by the operators’ computer systems and centralized archives. This first measure formally went into effect on August 19th, and will be followed by an identical “filter” for mobile numbers starting November 19th. The initial results? More than disappointing. The first “filter” implemented by the operators, which presents objective implementation difficulties, for now it’s leaking from all sides.

Countermeasures? The indications (link) already provided by are still valid, and even more so. FIRST onlineBut with the foreseeable failure of the discipline introduced by the Authority, it will be appropriate to prepare ourselves to request something more drastic and decisive. For example, a clear ban and the nullity of any contract Contracts entered into over the phone or even in writing following a phone call without any form of certification from a third-party verification and validation body. For now, let’s face it: to avoid uncontrolled telemarketing, the only real solution is to configure our smartphone to ring only for calls from numbers in our address book, diverting all other calls to voicemail: callers will have to leave a “real” name and number.