Crooks impersonating Italian post operator Poste Italiane have launched an elaborate phishing scam with e-mails designed to swindle users of one of the country’s last bastions of snail mail.
The scam starts with a courteous e-mail to post office clients, asking them to confirm their login data for maintenance reasons. The appearance of the e-mail seems legitimate as the fake e-mail uses parts from the genuine template, such as menus and banners for a better chance at misleading the customers.
Classically, the fake e-mail clearly explains that Poste Italiane needs to confirm the clients’ identification data and provides the user with a link that sends them to a login page that asks for personal information such as user name, password, card ID or security card number. Filling in the form gives the crooks everything they need to access any cash in your account.
What is particularly interesting in this attack is that the stolen information is neither sent via e-mail to an attacker nor saved in a database. Instead, it’s stored in a plain text file on the same compromised server that hosts the phishing form. This makes the attack way worse, as this information is not only available to attackers, but also to anyone who knows how to use a search engine to find valid CC info.
What you can do:
If you have any suspicions regarding your online card account data, you should immediately call Poste Italiane to have all recent transactions blocked at once. They will also direct you through the steps necessary to have your card re-issued.
As a rule always avoid giving out credit card information, especially when you need to disclose your PIN or CVV info. Banks and other institutions working with money never ask clients to change IDs or passwords via e-mail. When in doubt, pick up your phone and call or pay them a visit to make sure. Also, install anti-virus software and keep it up to date.
This article is based on the technical information provided courtesy of Octavian Mihai Minea, Bitdefender Virus Analyst.
All product and company names mentioned herein are for identification purposes only and are the property of, and may be trademarks of, their respective owners.