Increasingly widespread online scams: from false health card renewals to misleading messages on WhatsApp, Instagram and certified e-mail. The Ministry of Health launches the alert and explains how to recognize fraudulent communications to protect personal data
In the varied online world, scammers are finding increasingly sophisticated stratagems to deceive users, causing them to fall into digital traps that are complex to detect. Suffice it to say that in the annual report of the Postal Police, published a few days ago, there is talk of as many as 27,085 online scams and computer frauds in 2025 alone, with 4,489 people investigated. In fraudulent campaigns, web pirates also pretend to be public bodies or social network giants, leveraging above all the urgency to mislead the unfortunate ones.
The health card scam
In the latest online scam, criminals pose as the Ministry of Health: victims receive an email warning them of the false expiration of their health card. Fraudsters exploit the time factor, threatening the risk of not being able to access treatment in the event of imminent non-renewal. So together with the notice, they invite the unfortunate people to click on the “renew your card now” button. This opens a page that collects personal data: at this point you are asked to fill out a form with all your details, from your date of birth to your telephone number, from your residence address to your email address. The aim is to steal sensitive data to perform other illegal actions, including creating false identities and cloning documents.
The alert from the Ministry of Health
The Ministry of Health itself warned citizens on social channels: “False emails are circulating about the renewal of the health card, sent unduly in the name of the Ministry of Health.” And after explaining the criminal scheme, the ministry warns: «Do not click on the links; do not enter personal or financial data; delete the message immediately.” To protect yourself and avoid falling into the trap, it is important to remember that it is the Revenue Agency that automatically sends a new health card to the residence address that has been registered in the Tax Registry. Ergo no one should click on the link in an email.
The ballerina scam
The so-called ballerina scam has recently made a comeback on WhatsApp: a message appears on the messaging app inviting you to vote to support a girl in a dance competition. A link is then shared with the excuse of helping her win a scholarship. What is misleading is the fact that, very often, the text comes from a contact in the address book. And anyone who falls into the trap loses access to their Whatsapp profile, marking the start of a domino effect: once the bad guys have taken control of the account, they send the same message to all contacts and ask for money by pretending to be an emergency situation.
Your Instagram password
Scams also involve social platforms. Users often receive a message that seems to come from Meta given the presence of a logo identical to the official one: “We have received a request to reset your Instagram password.” In the same message, just below, two options appear: “reset” and “it wasn’t me”. In both cases you don’t have to click as a page opens, which perfectly imitates that of Instagram, where you are asked to enter your password and set a new one. Fraudsters thus get carte blanche to manage the account options: they can block it, change the email, change the password again. And the user will no longer be allowed to access their profile, with scammers using it for a wide range of criminal acts – from asking followers for money to sending fraudulent links. It is also not excluded that they sell the profile if an account has a considerable number of followers. And the same mechanism also applies to Facebook. As regards this latest social platform, users lately receive a message saying «We have decided to delete your account.” But even in this case it is a scam.
Scam via certified e-mail
Last week, the Postal and Cyber Security Police reported another fraudulent communication, which this time arrives via certified e-mail. The messages, the Police warn, apparently “come from public bodies, service companies or institutional entities” and “invite the recipient to act urgently, for example by viewing attached documents, accessing links or providing information, exploiting the sense of urgency to mislead the user”. Above all, we must be careful of texts that “report invoices due, alleged delays or administrative anomalies”; «use alarmist or peremptory tones, such as “immediate action required”, “last communication”, “imminent deadline”»; «contain links or attachments that refer to unofficial sites or documents»; “bear logos, headers or references to well-known entities, without the sender actually being attributable to these entities”.
