← Return to the homepage

Scam-prevention guide

Recognize suspicious messages, avoid fraudulent websites and find the official channels for reporting a possible online scam.

Important information

Percorso Cittadino helps you understand Italian administrative procedures but does not replace public authorities. Before submitting applications or making decisions, always verify the official institutional links provided on this page.

Do you need to report a scam?

Percorso Cittadino does not collect reports or personal information. This guide helps you find the appropriate official channels. Contact the competent authorities immediately if there is an urgent or immediate danger.

When to use this guide

Use this guide when you receive a text message, email, telephone call, link or other communication that appears to come from a public authority, bank, online service or payment platform but does not seem trustworthy.

Where should you start?

I want to check whether it is a scam

Examine the sender, destination link, request for information, urgency of the message and any errors or unrealistic promises.

I want to report it

Do not send personal information to Percorso Cittadino. Use the official reporting channels shown in the official-links box.

I have already opened the link

Do not enter any further information. Change affected passwords, check financial transactions and contact the relevant service.

I entered personal or banking information

Act immediately. Contact your bank, card provider and the affected service, and consider filing an official report.

Possible warning signs

A fraudulent communication can appear genuine. Check these warning signs before opening a link.

You are told to open a link immediately.
You are asked for a password, PIN, OTP, security code or banking information.
The message refers to an urgent account block, fine, refund or immediate payment.
The link does not appear to belong to the authority’s official website.
The sender uses a familiar institutional name but an unusual address.
The communication contains errors, unusual wording or unrealistic promises.
You are asked to install an application, open an attachment or scan a suspicious QR code.

What to do before opening a link

1. Stop and avoid acting under pressure.
2. Do not open links received by text message, email or chat when you have doubts.
3. Visit the official website by typing its address directly into the browser.
4. Check whether the authority has published warnings about phishing or fraudulent communications.
5. Do not enter passwords, security codes or banking information through a received link.
6. Verify messages about payments, fines, benefits or refunds through official sources.

What you should never do

  • • Do not open links contained in suspicious text messages or emails.
  • • Do not trust a message only because it appears to come from a bank, Poste Italiane, INPS or another recognized authority.
  • • Do not enter passwords, PINs, OTPs or security codes after opening a received link.
  • • Do not provide banking information through received links.
  • • Do not download suspicious attachments.
  • • Do not install applications recommended through unverified messages.
  • • Do not make a payment unless the website and communication are clearly official.

Once personal or banking information has been entered, stopping the fraud or recovering lost funds may become considerably more difficult.

Where to report it

For online reports involving possible cybercrime, consult the official services of the Italian Postal Police. For fraudulent tax communications or messages using the name of a public authority, also check the official security pages of the authority involved.

Italian Postal Police

For official online reports and information concerning cybercrime.

Italian Revenue Agency

For fraudulent emails, false refunds, fake tax communications and suspicious messages concerning Italian taxes.

INPS

For fraudulent communications concerning benefits, refunds, applications or requests to update personal information.

AgID, SPID and pagoPA

For security notices concerning digital identity, public online services and digital payments.

If you have already entered information

Act immediately. Change affected passwords, block cards or access where necessary, contact the bank or service involved and preserve evidence of the communication. Contact the competent authorities in serious or urgent situations.

Goal of this guide

At the end of this guide, you should understand how to recognize a suspicious communication, what to avoid, how to protect yourself and where to find the official reporting channels.