Cybersecurity and Fraud Alert

Cybersecurity and fraud prevention: what to watch out for

Cybersecurity

Cybersecurity is increasingly a crucial component in protecting Saipem's know-how and business operations. With the rise of global cyber threats, a proactive approach is essential to prevent attacks and mitigate risks. Data protection not only safeguards corporate information but also maintains the trust of clients and partners. Implementing advanced cybersecurity solutions is essential for maintaining the confidentiality, integrity, and availability of data and systems. Cybersecurity is not just a technical issue but a strategic element that contributes to Saipem's long-term success and resilience. The collaboration of all involved parties is crucial to ensuring effective cybersecurity oversight.

Fraud Alert

Please be vigilant about fraudulent communications that misuse the names, logos, trademarks, and brand of Saipem Group companies, as well as the names of its executives. Saipem has been alerted to a significant increase in internet and email fraud attempts. These scams primarily aim to steal personal and financial information or to request payments for false collaboration opportunities and fictitious business activities. Often, these fraud attempts use email domains that closely resemble the official Saipem domain. However, any genuine communication from Saipem will only come from email addresses with the official @saipem.com domain. Similarly, the official Saipem website is www.saipem.com.

To identify these attempts and differentiate them from legitimate company communications, pay attention to the following points:

  • Saipem will never request fees or payments during the supplier scouting or onboarding processes.
  • Some individuals/entities are offering, on behalf of Saipem, false job opportunities and asking applicants for money, personal data or financial details. Please note that Saipem and its Affiliates recruit their human resources through specific procedures, selecting and hiring candidates on the basis of merit, ability and professionalism in all decisions concerning the recruitment of personnel, and will never ask for money.
  • Carefully examine the sender's email address for typos or other suspicious elements, for example @salpem.com or @saipen.com. If you have any doubts, verify the sender through open sources and contact them using contact details other than those provided in the suspicious communication.
  • Carefully read the content of the communication. Fraudulent messages often contain typos, grammatical errors, and other inaccuracies.
  • Carefully inspect any websites to ensure they have the original logo, font, and contact information. In general, avoid clicking on links if you have doubts about the sender.
  • Be wary of communications that require urgent action and those that do not allow you to contact Saipem through its legitimate and official communication channels.
  • Rely solely on the contacts listed on the official Saipem website, as fraudsters may include phone numbers, websites, and email addresses under their control in the message.
  • Carefully evaluate the content of the message. If it requests information such as access codes, financial details, or credit card numbers, do not respond to the message.

Ongoing cases

Saipem has become aware of a spear phishing campaign being conducted by unknown individuals targeting third-party companies.

The ongoing fraud is characterized by the sending of emails from addresses and domains that are deceptively similar to Saipem’s official ones. So far, the use of the following domains has been detected: @saipamspat.com, @siapemspa.com, @saipemspet.com, @salpemspa.com, @saipemspait.com, @saipemspa.com, @saipem-spa.com and @spasaipem.com, together with the addresses procurement.saipem@gmail.com, vendorprocurement.saipem-spa@outlook.com, saipemspa.vendor@contractor.net, procurement.tender@saipem.it.com and management.saipem@gmail.com.

While Saipem is continuously engaged in the takedown of web domains unlawfully exploiting the Saipem brand, utmost caution is recommended in verifying the authenticity of sender email addresses. Please bear in mind that all official communications from Saipem originate exclusively from email addresses ending with the genuine domain @saipem.com.
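As an added illustration of the sender-address checks recommended above (examine the domain for typos, trust only @saipem.com, treat free-mail "procurement" senders and the domains listed in this case as fraud), here is a small Python triage script. It is example code written for this page, not a Saipem tool. The official domain and the fraudulent domains and addresses are taken from this page; the confusable-character list, the edit-distance threshold of 2 and the verdict names are assumptions of the example. It also goes slightly beyond the list by catching near-miss spellings that are not on it (a swapped or substituted letter, an "l" standing in for an "i"), which is the typosquatting pattern described later on this page.

```python
"""Sender-domain triage for lookalike and typosquatted addresses (example code)."""

# Genuine domain stated in the alert; anything else is treated as suspect.
OFFICIAL_DOMAIN = "saipem.com"
BRAND = "saipem"

# Lookalike domains quoted in the alert itself (page data, not invented).
KNOWN_FRAUD_DOMAINS = {
    "saipamspat.com", "siapemspa.com", "saipemspet.com", "salpemspa.com",
    "saipemspait.com", "saipemspa.com", "saipem-spa.com", "spasaipem.com",
    "saipem.it.com",
}

# Free-mail providers seen in the alert; a brand-carrying local part on one
# of these is a red flag, never a company address.
FREEMAIL = {"gmail.com", "outlook.com"}

# Visually confusable substitutions (assumed list; extend as needed).
CONFUSABLES = [("rn", "m"), ("l", "i"), ("1", "i"), ("0", "o"), ("5", "s")]

# Maximum edit distance at which a label still counts as a lookalike (assumed).
MAX_DISTANCE = 2


def normalize(text: str) -> str:
    """Collapse confusable characters so 'salpem' compares equal to 'saipem'."""
    for src, dst in CONFUSABLES:
        text = text.replace(src, dst)
    return text


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def classify(address: str) -> tuple:
    """Return (verdict, reason) for one sender address."""
    address = address.strip().lower()
    if address.count("@") != 1:
        return "invalid", "not a single user@domain address"
    local, domain = address.split("@")

    if domain == OFFICIAL_DOMAIN:
        return "official", f"sender domain is the genuine {OFFICIAL_DOMAIN}"
    if domain in KNOWN_FRAUD_DOMAINS:
        return "known-fraud", "domain is listed in the alert"

    norm_domain = normalize(domain)
    # Brand embedded in a non-official domain: saipemspa.com, saipem.it.com, ...
    if BRAND in norm_domain:
        return "lookalike", f"'{BRAND}' embedded in non-official domain {domain}"

    # Near-miss spellings: compare each label, and each brand-length window
    # inside it, against the brand; the top-level domain is skipped.
    for label in norm_domain.split(".")[:-1]:
        windows = [label[k:k + len(BRAND)] for k in range(len(label) - len(BRAND) + 1)]
        for candidate in [label] + windows:
            if levenshtein(candidate, BRAND) <= MAX_DISTANCE:
                return "lookalike", f"'{label}' is within {MAX_DISTANCE} edits of '{BRAND}'"

    if domain in FREEMAIL and BRAND in normalize(local):
        return "freemail-brand-abuse", "brand name used in a free-mail local part"

    return "unrelated", "domain neither official nor resembling the brand"


def triage(addresses) -> dict:
    """Classify a batch and return {address: verdict} for quick review."""
    return {addr: classify(addr)[0] for addr in addresses}


if __name__ == "__main__":
    # Senders from the alert plus two constructed ones (marked below).
    samples = [
        "vendor.management@saipem.com",            # constructed: genuine domain
        "procurement.saipem@gmail.com",            # listed in the alert
        "vendorprocurement.saipem-spa@outlook.com",
        "procurement.tender@saipem.it.com",
        "info@saipen.com",                         # constructed near-miss
        "enquiry@sagamaxservices.com.my",          # listed, unrelated domain
    ]
    for addr in samples:
        verdict, reason = classify(addr)
        print(f"{verdict:22} {addr:45} {reason}")
```

The "official" verdict only means the domain string is the genuine one; it says nothing about whether the message was really sent from there, so it complements rather than replaces the other checks on this page (contacting the sender through independently obtained details, never paying fees, never opening unexpected attachments).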

These malicious communications, despite the fake email addresses, include attached .pdf files bearing the Saipem logo. Under the pretext of requesting the registration of new suppliers in Saipem’s Vendor Register and validating the existing ones for the 2025/2027 projects, recipients of these communications are fraudulently induced to complete the questionnaire in the attached .pdf file and disclose potentially sensitive and confidential information.

Please be reminded not to download attachments or click on links from suspicious email addresses.

Based on the information received by Saipem, it is possible that, during the communications, the perpetrators of the fraud may request monetary payments for the alleged registration of the targeted company in Saipem’s Vendor Register. Please bear in mind that Saipem will never request fees or payments during the supplier scouting or onboarding processes.

Samples of the fraudulent communication are shown below (images).

Example 1 (image)

Example 2 (image)

Example 3 (image)

Please report immediately any fraudulent communication by sending an email to report.cyberevent@saipem.com attaching, if possible, the email received.

Saipem has become aware of a spear phishing campaign being conducted by unknown individuals targeting third-party companies.

This ongoing fraud is characterized by the sending of emails from addresses at domains that are clearly not linked to Saipem. For example, the addresses enquiry@sagamaxservices.com.my and zainudin@nesasinar.com are being used; bear in mind that all official Saipem communications come exclusively from email addresses ending with the genuine domain @saipem.com.

These malicious communications, despite the fake email addresses, unlawfully use the names of actual, unsuspecting Saipem employees and include attached .pdf files bearing the Saipem logo.

Under the pretext of an invitation to participate in a Request for Quotation (RFQ), recipients of these communications are fraudulently induced to open the .pdf file and to download, via the malicious links it contains, the documentation supposedly needed to take part in the project.

Warning: following the links and opening the password-protected .zip file they lead to compromises the user's computer, because the downloaded documents carry a trojan.

We urge everyone to exercise utmost caution and not to download or open suspicious documents. For any doubts or reports, please immediately send an email to report.cyberevent@saipem.com attaching, if possible, the email received.

Types of cyber attacks

Phishing: a type of attack that involves sending malicious emails specifically designed to trick victims into revealing banking information, access credentials, or other sensitive data.

Smishing: a form of phishing in which an attacker uses a text message to trick recipients into clicking on a link, downloading malicious software onto a smartphone, or sharing confidential information.

Social engineering: a broad range of activities intended to exploit human error or human behaviour with the objective of gaining access to information or services. It uses various forms of manipulation to trick victims into making mistakes or handing over sensitive or secret information.

Spear phishing: attacks carried out by sending highly personalized messages that fraudsters craft using publicly gathered information about the victim.

Spoofing: creation of messages with a forged sender address, so that the email appears to come from someone else.

Typosquatting: using intentional typos in a domain name to deceive the recipient (e.g. salpem.com instead of saipem.com).

Vishing: attacks that use spoofed phone numbers, voice-altering software, fake text messages, and social engineering techniques to deceitfully obtain sensitive information from targeted users.

Deepfakes: files (photos, videos, and/or audio) generated by artificial intelligence software. These tools take real content and can recreate, with astonishing realism, the features or movements of a face or body, as well as accurately mimic a specific voice. This sophisticated technology has a high potential to deceive human perception, making it particularly dangerous when used to fraudulently exploit someone else's identity.

Documents

  • Public Key PGP (txt, 07-2025)
  • CERT SPM RFC2350 (docx, 07-2025)