Phishing campaign impersonates Italian Ministry of Health

During January 2026, Italian authorities identified and publicly announced a new series of phishing attempts targeting the population, in which cybercriminals impersonated the Italian Ministry of Health and the official Tessera Sanitaria system. The first alerts came after an increase in fraudulent emails that appeared to be institutional communications, prompting the intervention of national cybersecurity agencies. From the early days of the campaign, the focus was on the need for public awareness and verification of official sources.

The fraudulent campaign of fake emails reported an alleged expiration or need to renew the health card and contained links to fraudulent websites that replicated the design of the Ministry of Health. The aim of these attacks was to obtain personal and health data, such as name, date of birth, address, or contact information. Those most affected were Italian citizens, especially older people or those less familiar with digital procedures. In response to this situation, CERT-AGID and the Ministry of Health itself issued official statements clarifying that personal data is not requested by email or through external links. Measures were also taken to detect and block the malicious domains used in the campaign.

The incident is being actively monitored by the authorities, and no direct breach of the Ministry of Health's official systems has been confirmed. Awareness campaigns continue, with clear recommendations to citizens to delete suspicious messages and use only official institutional channels. Going forward, the authorities plan to strengthen surveillance of new similar campaigns and improve preventive communication mechanisms with the population.