New Phishing Scam Targets Italys Post Office
Crooks impersonating Italian post operator Poste Italiane have launched an elaborate phishing scam with e-mails designed to swindle users of one of the country”s last bastions of snail mail.
The scam starts with a courteous e-mail to post office clients, asking them to confirm their login data for maintenance reasons. The appearance of the e-mail seems legitimate as the fake e-mail uses parts from the genuine template, such as menus and banners for a better chance at misleading the customers.
Classically, the fake e-mail clearly explains that Poste Italiane needs to confirm the clients” identification data and provides the user with a link that sends them to a login page that asks for personal information such as user name, password, card ID or security card number. Filling in the form gives the crooks everything they need to access any cash in your account.
What is particularly interesting in this attack is that the stolen information is neither sent via e-mail to an attacker nor saved in a database. Instead, it”s stored in a plain text file on the same compromised server that hosts the phishing form. This makes the attack way worse, as this information is not only available to attackers, but also to anyone who knows how to use a search engine to find valid CC info.
What you can do:
If you have any suspicions regarding your online card account data, you should immediately call Poste Italiane to have all recent transactions blocked at once. They will also direct you through the steps necessary to have your card re-issued.
As a rule always avoid giving out credit card information, especially when you need to disclose your PIN or CVV info. Banks and other institutions working with money never ask clients to change IDs or passwords via e-mail. When in doubt, pick up your phone and call or pay them a visit to make sure. Also, install anti-virus software and keep it up to date.
This article is based on the technical information provided courtesy of Octavian Mihai Minea, Bitdefender Virus Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.
Watch Out for These Ongoing Bank of America Phishing Campaigns Targeting Customers in the US
July 16, 2021
How to protect yourself against cyberstalking
July 06, 2021
The Top Five Security Risks Smartphone Users Face Today
July 02, 2021
Phishing Alert: Scammers Use Fake SharePoint and DocuSign Messages to Steal Users’ Login Credentials
July 02, 2021
Your Doxxing Dossier Will Keep Growing Thicker Until You See the Danger
June 30, 2021
Mobile security threats: reality or myth?
June 13, 2021
FOLLOW US ON
You might also like
April 22, 2021
April 22, 2021
April 13, 2021