The “Intesa Sanpaolo” email scam is a phishing scam. Phishing is a type of social engineering attack where a cybercriminal sends an email, text message, or phone call that appears to be from a legitimate institution, such as a bank, to trick the victim into giving away sensitive information such as login credentials, credit card details, or other personal information.
In this particular scam, the attacker poses as the Italian banking company “Intesa Sanpaolo” and sends an email to potential victims requesting them to register with the MyKey security service to reactivate their card and make online payments. The email includes a link that leads to a fake web page that looks like the legitimate Intesa Sanpaolo website and requests the victim’s sensitive information.
The attackers behind this scam use this information for fraudulent activities such as stealing money, identity theft, or selling the information on the dark web. It is crucial to stay vigilant and never provide personal or sensitive information in response to unsolicited messages or emails.
QUICK LINKS
- How the scam works
- How to spot and avoid scams like the “Intesa Sanpaolo” scam email?
- What to do when you receive the Intesa Sanpaolo Scam Email?
- Report a Scam
How the scam works
The “Intesa Sanpaolo” scam email is a phishing scam that works by tricking victims into divulging their personal and sensitive information to cybercriminals. The scam works as follows:
- The attackers send out an email that appears to be from the legitimate Italian banking company “Intesa Sanpaolo.” The email may include the company logo, and the text will often appear professional and formal, as if it were written by a legitimate organization.
- The email will usually include a sense of urgency or threat to entice the victim to take action. In the case of the “Intesa Sanpaolo” scam email, the message informs the victim that their card will be limited, and they must register with the MyKey security service to reactivate the card and make online payments.
- The email provides a “ACCEDI ALLA TUA BANCA VIA INTERNET” link to a website that appears to be the official website of Intesa Sanpaolo. However, the website is a fake, designed to trick the victim into entering their personal and sensitive information, such as their login credentials, credit card details, or other identifying information.
- Once the victim enters their information on the fake website, the attackers can use it to steal money, commit identity theft, or sell the information on the dark web.
A typical “Intesa Sanpaolo” scam email reads as follows:
Subject: Avvisi e comunicazioni
INTESA SANPAOLO
Gentile cliente, Roma, 13.02.2023
La tua carta sarà limitata dal 13/02/2023. La registrazione con il servizio di sicurezza MyKey À necessaria per riattivare la tua carta e per effettuare pagamenti online.
Per procedere al registrazione puoi:
ACCEDI ALLA TUA BANCA VIA INTERNET
L’attivazione del Servizio Informativo MyKey è gratuita. Il costo dei messaggi ricevuti è addebitato direttamente dai gestori di telefonia mobile secondo le proprie tariffe negli orari sopra riportati.
Cordiali saluti,
Intesa Sanpaolo
It is essential to note that financial institutions like banks will never ask their customers to provide sensitive information via email or unsolicited messages. If you receive such an email, you should ignore it and report it to your bank to verify if it is genuine. Additionally, it is always essential to stay vigilant and take measures to protect your online identity and personal information from phishing and other cyber threats.
How to spot and avoid phishing scams like the “Intesa Sanpaolo” scam email
Here are some tips to help you spot and avoid phishing scams like the “Intesa Sanpaolo” scam email:
- Be suspicious of emails from unknown senders. If you receive an email from a sender you do not recognize, do not click on any links or download any attachments.
- Check the sender’s email address. Cybercriminals often use email addresses that are similar to legitimate ones, but they may contain subtle differences. For example, instead of “@intesasanpaolo.com,” they may use “@intesa-snpaolo.com.”
- Look for spelling and grammatical errors. Legitimate companies usually have high-quality standards for their communications, and they are unlikely to have spelling or grammar mistakes.
- Check the urgency and tone of the message. Phishing emails often use urgent or threatening language to pressure the recipient to take immediate action.
- Hover over links to see where they lead. Before clicking on any links, hover your mouse over them to see the URL. If the URL does not match the company’s website, it is likely a phishing scam.
- Verify with the company. If you are unsure whether an email is legitimate or not, contact the company using a phone number or email address from their official website to verify if the email is genuine.
- Install security software. Install a reliable anti-virus and anti-malware software on your device to help detect and block phishing scams.
Threat Summary
| Name | Intesa Sanpaolo Email Scam |
| Type | Phishing Scam |
| Associated websites | card-intesasanpaolo.servequake.com |
| Email subject line | Avvisi e comunicazioni |
| Disguise | The email is disguised as a message from Intesa Sanpaolo, a private banking company. |
| Damage | If the recipient falls for the scam and provides their personal information, the scammers can use it for identity theft, monetary loss, and other types of fraud. The phishing page that the email links to is designed to look like the official website of Intesa Sanpaolo, but it is actually a fake page created by the scammers to steal login credentials and other sensitive information from the victim. |
| Distribution methods | The email is distributed via mass email campaigns, and it can also be spread through social engineering and other forms of social media. |
What to do when you receive the Intesa Sanpaolo Scam Email
If you receive an email like the Intesa Sanpaolo email scam, here’s what you should do:
-
Do not click on any links or download any attachments.
The links in the email lead to a fake website that can steal your login credentials and other personal information.
-
Do not reply to the email or provide any personal information.
Legitimate financial institutions like banks do not ask their customers to provide sensitive information via email or unsolicited messages.
-
Mark the email as spam or phishing.
By doing so, you can help email providers to improve their spam filters, preventing future similar emails from getting to your inbox.
-
Delete the email.
Once you have marked the email as spam or phishing, delete it from your inbox and trash folder.
-
Keep your devices and anti-virus software up-to-date.
Always keep your operating system and anti-virus software up-to-date to help prevent future phishing and other cyber attacks.
-
Contact your bank and report the scam.
If you are concerned that you may have fallen victim to the scam, contact your bank and report the incident immediately. This will help your bank to investigate the matter and take appropriate action to protect your account.
By being aware of these types of scams and taking appropriate actions, you can help protect yourself from falling victim to phishing scams and other types of cyber attacks.
Report a Scam
If you have received the Intesa Sanpaolo Scam email or an email that is similar but not the same as the example above, then post it as comment on this article. Please include the email address the email came from. This helps us to warn users about current scams, monitor trends and disrupt scams where possible.
