The phone vibrates, a familiar name appears on the display, and for a second your mind stops questioning what it sees. That’s where the scam comes in. On 1 April 2026, the Revenue Agency reported new fraudulent communications sent via SMS, with messages that appear authentic because the sender is falsified using SMS spoofing.
The most insidious detail is all here: the phone shows a sender that seems to be the right one, and so the brain relaxes. The notice published by the Agency urges particular caution when faced with unexpected messages, for example a confirmation of an appointment never made or a communication that arrives out of context. The name displayed matters little; what the message asks you to do matters a lot.
The case is also part of an already visible trail. The phishing section of the institutional portal also carries a warning from 30 March 2026 on a campaign aimed at stealing SPID credentials and an earlier warning from 1 April 2025 on attempts based on telephone spoofing. In other words: the script has been running for a while; it changes costume and tone, but the target stays the same.
The Agency urges verifying first
The official guidance remains very straightforward: do a preliminary check on the “Focus on phishing” page, use the contacts on the institutional portal or contact the competent territorial office. In similar campaigns analyzed by CERT-AGID the operational advice remains identical: leave the received link alone, type in the address of the official website by hand, carefully check the domain and go through the organisation’s direct channels. Public bodies, in these cases, rely on official channels; scammers rely on haste.
The next step usually comes with a fake page built to look real. In the smishing campaigns studied by CERT-AGID, fraudulent sites ask for personal data, IBAN, copies of documents, health card, driving licence, pay slips, selfies and even identification videos. The citizen sees logos, tidy graphics and urgent tones, and meanwhile hands over pieces of their identity to strangers with a flair for staging.
Anyone who has already opened the link must act immediately
The consequences, in similar campaigns, can become serious: digital identity theft, attempts to activate SPID in the victim’s name, changes to the IBAN to divert payments, use of documents in further fraud. For those who have already uploaded data or documents, CERT-AGID indicates a precise path: collect the useful material, file a report with the Postal Police, make an online report and carefully monitor accounts and credits in the following months.
It is worth remembering a very simple fact. The sender name is now part of the act. The screen can reassure, the text can seem plausible, the tone can imitate real communication. The defense, at that point, comes down to an almost banal gesture: closing the SMS, taking a breath, and going to the official channel on your own. Everything else already looks like a trap.