A phishing campaign targeting Intesa Sanpaolo users employs fraudulent pages mimicking the “MyKey” security system to steal user codes, PINs, and real-time OTPs. These phishing sites, often distributed via SMS or email, impersonate the bank to authorize fraudulent SEPA transfers.


Target: Customers of Intesa Sanpaolo (Italy)
Threat Level: Critical (Mobile Banking & O-Key Smart Theft)
Phishing Method Description
This attack targets users of the “MyKey” security system used by Intesa Sanpaolo. Scammers distribute fraudulent links via smishing (SMS) or phishing emails, often using an alarming tone: “Your account has been restricted for security reasons” or “An unauthorized login was detected from a new device.”
The link leads to a high-fidelity clone of the Italian login portal. The phishing kit is specifically designed to harvest:
Codice Titolare (Owner Code)
PIN Code
Mobile Phone Number
O-Key Smart / SMS OTP: The fake page intercepts the security code in real time, allowing the attacker to authorize a fraudulent transfer or change the associated phone number.
⚠️ Red Flags to Watch For
The Deceptive URL: The official domain is intesasanpaolo.com. Phishing sites often use lookalike addresses such as secure-intesasanpaolo.com, mykey-is.net, is-assistenza.online, or free subdomains like intesa-login.web.app.
Urgent Call-to-Action: Messages like “Action Required within 24 hours” or “Click here to avoid permanent block” are designed to bypass your critical thinking.
Direct Link to Login: Intesa Sanpaolo officially states they will never include a direct link to the login page in an SMS or email.
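The URL red flag above can be checked mechanically. The following is an added example, not code from the bank or from the original advisory: it allowlists the official domain on a label boundary and flags brand wording anywhere else in the link. The keyword list, the function name and the sample links other than the four lookalike hosts quoted above are assumptions.

```python
from urllib.parse import urlsplit

OFFICIAL_DOMAIN = "intesasanpaolo.com"  # the official domain named on this page
# Assumed keyword list, derived from the lookalike hosts quoted on this page.
BRAND_TOKENS = ("intesa", "sanpaolo", "mykey")


def classify_link(url: str) -> str:
    """Return 'official', 'lookalike' or 'untrusted' for a link in a bank alert."""
    if "://" not in url:
        url = "https://" + url  # bare hosts pasted from SMS text have no scheme
    parts = urlsplit(url)
    # .hostname drops any 'user@' prefix and the port, leaving the real host.
    host = (parts.hostname or "").lower().rstrip(".")
    # Allowlist on a label boundary: the host must BE the official domain or
    # end with '.intesasanpaolo.com'. A plain substring test would accept
    # 'secure-intesasanpaolo.com' and 'intesasanpaolo.com.host.example'.
    if host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN):
        return "official"
    # Brand wording anywhere in the authority part (userinfo included) but
    # outside the official domain is the impersonation signal.
    if any(token in parts.netloc.lower() for token in BRAND_TOKENS):
        return "lookalike"
    # No brand token (e.g. 'is-assistenza.online'): keyword matching misses it,
    # but it still fails the allowlist, so it must not be treated as the bank.
    return "untrusted"


# Constructed sample links; the four lookalike hosts are the ones quoted above.
SAMPLES = [
    "https://www.intesasanpaolo.com/",
    "https://secure-intesasanpaolo.com/login",
    "http://mykey-is.net/",
    "is-assistenza.online/sblocco",
    "https://intesa-login.web.app",
    "https://intesasanpaolo.com@host.example/login",  # official name as userinfo
    "https://intesasanpaolo.com.host.example/login",  # official name as subdomain
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify_link(link):10} {link}")
```

Only the 'official' verdict is a positive result; both other verdicts mean the link should not be followed, and keyword matching alone would have let is-assistenza.online through.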
🛡️ How to Protect Yourself
Use the “O-Key Smart” App: Always authorize transactions and logins directly through the official Intesa Sanpaolo Mobile app. Never enter the generated codes on a website you reached via a link.
Type the Address: If you receive an alert, ignore the link. Manually type intesasanpaolo.com into your browser or use the official app to check your notifications.
Check the Language: While the phishing pages are often well-translated, look for subtle errors in the Italian text or fonts that look different from the official corporate style.
Reporting: You can report suspicious activity directly to the bank at [email protected] or call the official toll-free number 800.303.303 (from Italy).
