PHISHING INDEX
Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in March 2025:
28/03/2025 => Nexi
27/03/2025 => Account Posta Elettronica (Email account)
26/03/2025 => BRT
25/03/2025 => WeTransfer
23/03/2025 => Aruba - Dominio scaduto (Expired Domain)
17/03/2025 => Phishing Generali
13/03/2025 => Aruba - Verifica utente (User verification)
12/03/2025 => Phishing sondaggio clienti (Phishing customer survey)
10/03/2025 => Mailbox
08/03/2025 => PayPal
08/03/2025 => Aruba - Rinnovo Dominio (Domain renewal)
06/03/2025 => iCloud
03/03/2025 => Mooney
03/03/2025 => Phishing sondaggio clienti (Phishing customer survey)
01/03/2025 => ACI
These emails are intended to trick some unfortunate person into providing sensitive data - such as bank account information, credit card codes or personal login credentials - with all the possible, easily imaginable, consequences.
28 March 2025 ==> Phishing Nexi
SUBJECT: <Importante: Attivare il nuovo sistema di sicurezza> (Important: Activate the new security system)
This new phishing attempt pretends to be a communication from Nexi, a well-known digital payment services company.
The message informs the recipient that he/she must activate the new security system, which guarantees greater security and reliability, by 30 March; after this date, he/she will no longer be able to carry out transactions with his/her Nexi card.
The user can activate the new security system via the following link: Clicca qui (Click here)
The well-known company is clearly uninvolved in the mass sending of these e-mails, which are real scams whose objective remains, as always, to steal the confidential data of the unsuspecting recipient.
Although the cyber crook was careful to include the Nexi logo, the message comes from an email address <service-nexi[at]mondo-connetti[dot]com> that cannot be traced back to the official domain of Nexi. This is definitely anomalous and should raise our suspicions.
Anyone who unluckily clicks on the link will be redirected to an anomalous web page, which is intended to steal credit card data, but which has already been reported as a fraudulent page/site. In fact, it is run by cyber-criminals who aim to steal the user’s most valuable data, in order to use it for malicious purposes.
Given these considerations, we recommend that you NEVER enter your credentials on sites whose origin you do not know, as they will be sent to a remote server and used by cyber crooks, with all the associated, easily imaginable, risks.
29 - 27 March 2025 ==> Phishing Account posta elettronica (Phishing E-mail account)
SUBJECT: <*** Password scaduta> (Password expired) and <Test Upgrade>
We analyze below two examples of phishing that aim to steal the credentials of the victim's e-mail account. In the first example, the user is warned to update the webmail by 30/03/2025, to continue using the services, while in the second example the user is informed that the current password will expire on 27/03/2025, and a new password will be assigned after 24 hours. It is therefore necessary to confirm the current password in order to continue using it.
When we analyze the messages, we see that the e-mail addresses <noreply[at]*****[dot]it> and <communication[at]*****[dot]it> cannot be traced back to the server hosting the mailbox. This is definitely abnormal and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the links Upgrade Wemail or Continue with your Current Password will be redirected to an anomalous web page, which is intended to steal access to the e-mail account, but which has already been reported as a deceptive website/page. In fact, it is run by cyber criminals, whose goal is to steal the user’s most valuable data, in order to use it for malicious purposes.
Given these considerations, we recommend that you NEVER enter your credentials on sites whose origin you do not know, as they will be sent to a remote server and used by cyber crooks, with all the associated, easily imaginable, risks.
26 March 2025 ==> Phishing BRT
SUBJECT: <Numero di spedizione 739156561915> (Shipping number 739156561915)
Below is a new phishing attempt, hidden behind a false communication from BRT, concerning the delivery of an alleged parcel.
The message notifies the unsuspecting recipient that his/her shipment is on hold awaiting payment of customs fees for import into Italy. It then informs him/her that, in order to receive the parcel, he/she must pay the €2 customs fees in advance. These messages are increasingly being used to scam consumers, who increasingly use e-commerce for their purchases.
A tracking number is also given, but it hides a link: 00340434127742459714. To go ahead with the dispatch, we have to click on the following button at the bottom of the e-mail: (pay now)
The alert email comes from an email address <brt-pacco12(at)beep(dot)pl>, unrelated to BRT's domain name. This is definitely abnormal and should, at the very least, make us suspicious.
Anyone who clicks on the link will be redirected to an anomalous web page.
The landing page, although graphically misleading, is unrelated to the official domain of BRT.
On this page, where the shipment data and history are shown, the user is invited to reschedule the delivery of his/her supposed parcel. Payment can be made via the following button: Procedi al pagamento (Proceed to payment)
Moving on, we are sent to a further page, where we are asked to enter our credit card details to pay the Euro 2.00 for the shipment. We see that the URL is anomalous and cannot be traced back to the official domain of BRT:
https[:]//[FakeDomainName*].com/.....
If you enter data on counterfeit websites, it will be delivered to the cyber criminals behind the scam, who will use it for malicious purposes. We therefore urge you not to rush and to be aware that, in case of these attempted cyber frauds, it is necessary to pay attention to every detail, even trivial ones.
25 March 2025 ==> Phishing WeTransfer
SUBJECT: <A transfer you sent is about to expire>
We analyze below the phishing attempt that aims to steal the account credentials of WeTransfer.
The message, in English, informs the recipient that he/she has received 1 file and can download it by 27 March 2025, after which it will be removed from WeTransfer's servers. It then invites him/her to log in to download the file via the following link: View Transfer information
When we analyze the message, we see that it comes from an email address <smtp(at)sparkitts(dot)com> that cannot be traced back to the domain of WeTransfer. This is definitely abnormal and should make us suspicious.
Anyone who unluckily clicks on the View Transfer information link will be directed to an abnormal, graphically well laid-out web page, where he/she is asked to log in to his/her WeTransfer account in order to download the file mentioned in the message.
The page is hosted on an abnormal address/domain:
https[:]//[FakeDomainName*].com/.....
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks, with all the associated, easily imaginable, risks.
23 March 2025 ==> Phishing Aruba - dominio scaduto (Expired domain)
SUBJECT: <[ARUBA] il tuo nome di dominio è stato scade> ([ARUBA] your domain name has been expires) (grammatical error)
We find below another phishing attempt pretending to be a communication from Aruba.
The message informs the recipient that the payment for the last renewal of his/her domain, hosted on Aruba, has not been received. The domain has consequently been suspended. At the moment, therefore, all the services associated with his/her e-mail account cannot be used. To proceed with the payment, it seems necessary to click on the following link: Paga ora con carta (Pay now by card)
Clearly, the well-known web hosting, e-mail and domain registration services company, Aruba, is uninvolved in the mass sending of these e-mails, which are real scams whose objective remains, as always, to steal sensitive data of the unsuspecting recipient.
When we analyze the text of the message, we immediately see that the sender's e-mail address <contact[at]autodesign-woermann[dot]de> is not from the official domain of Aruba.
Anyone who unluckily clicks on the link will be redirected to the displayed page.
On this page, the user is asked to log in to his or her client area with a login and password to confirm his or her information, and thus avoid the blocking of services.
Although the site may be misleading because of the Aruba logo, we see that the URL in the browser bar is anomalous and not traceable to the company's official domain:
https[:]//[FakeDomainName*].com/vvxcvbsg/...
If we enter our data into counterfeit websites, in fact, it will be delivered to the cyber-criminals masterminding the scam who will use it for criminal purposes. Therefore, we urge you not to be in a hurry and to keep in mind that, in case of these cyber fraud attempts, it is necessary to pay attention to every detail, even trivial ones.
17 March 2025 ==> Phishing Generali
SUBJECT: <"La Macchina Espresso Perfetta per la Tua Casa! pbHP7Vz"> (The Perfect Espresso Machine for Your Home! pbHP7Vz)
Below we analyze a scam message with the subject: "Perfect espresso machine".
We immediately see that the subject line of the email refers to a coffee machine, while the body of the email invites the user to take part in a survey to win a Car Emergency Kit raffled off by GENERALI, a well-known insurance company. This is obviously a mistake that should immediately alert us.
Clearly GENERALI is uninvolved in the mass sending of these emails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient. It is, in fact, a phishing attempt aimed at stealing personal data.
All it takes to avoid unpleasant incidents is a little care and a quick glance.
When we analyze the text of the message, we notice right away that the sender's e-mail address <frank_king_m97335[at]path[dot]rackatrack[dot]com> is not from GENERALI's official domain.
However, if we click on the link in the email, we are redirected to a page that, although graphically well designed, is not trustworthy at all.
Again, the address/domain is not reliable and is unrelated to the well-known insurance company.
https[:]//[FakeDomainName*]...
We see a countdown timer at the bottom of the page. This is a ploy by the cybercriminal to rush unsuspecting recipients by giving the impression that there is little time to participate in the survey and win the prize. However, if the timer resets, it simply starts over again, which is also very strange.
When we click on INIZIA IL SONDAGGIO (START THE SURVEY), we are directed to the next screens, where we are asked to answer 8 questions.
Here specifically is question 1/8. These are, in fact, generic and poorly worded questions, focused on satisfaction with the services offered and the marketing/promotional choices implemented by GENERALI. We see that the countdown timer is also present here, to induce the user to quickly conclude the process for the prize.
When the survey is over, we can finally claim our prize: a Car Emergency Kit that would be worth Euro 99,95, but we will get it just by paying shipping costs...
But let's hurry… it seems there are only a few left in stock. To make it more reliable, the cybercriminal inserted fake comments from supposed participants, some of whom were satisfied with the received prize.
We just need to enter our information and pay the shipping cost of 2 Euros, and we will receive our prize in a few days.
We observe that on this page the price of the gift, whose value in the previous screen was Euro 99.95, now seems to have a much higher value. Indeed a recommended price of Euro 549.99 is reported!!! The page where we are redirected, to enter our personal data, is hosted on a new abnormal address/domain:
https[:]//[FakeDomainName*][.]com
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is stolen by cyber crooks, who can use it at will.
A little attention and a quick glance can save a lot of hassle and headaches...
We always urge you not to rush and pay attention to even the smallest details.
13 March 2025 ==> Phishing Aruba - Verifica dell'utente (User verification)
SUBJECT: <Verifica e-mail_(******) 3/13/2025 4:25:15 a.m.> (Email verification_(******) 3/13/2025 4:25:15 a.m.)
Below we analyze another phishing attempt that pretends to be a communication from the Aruba brand.
The message informs the recipient of ongoing checks on users. They are asked whether the indicated e-mail box, hosted on Aruba, belongs to them and is active. Verification must take place - through the link provided - within 72 hours of receiving the email, otherwise the account will be deactivated. The link for verification is: Verifica della proprietà (Property verification)
Clearly, the well-known web hosting, e-mail and domain registration services company, Aruba, is uninvolved in the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.
When we analyze the message, we immediately notice that the sender's e-mail address <dirknotak[at]gmx[dot]de> is not from the official domain of Aruba.
Anyone who unluckily clicks on the link will be sent to the displayed page.
On this page, the user is invited to access his/her customer area using login and password, to confirm his/her data and thus avoid the blocking of services.
Although the site may be misleading, due to the well-known Aruba logo, the URL in the browser bar is anomalous and cannot be traced back to the company's official domain:
https[:]//[FakeDomainName*].com/vvxcvbsg/...
If we enter our data on counterfeit websites, it will be delivered to the cyber criminals behind the scam, who will use it for malicious purposes. We therefore urge you not to rush and to pay attention to every detail, even trivial ones.
11-12 March 2025 ==> Phishing sondaggio clienti (Phishing customer survey): ESSELUNGA/TELEPASS
Customer survey-themed phishing campaigns, exploiting well-known brands, continue. In the two cases below, they involve companies from the retail and mobility services sectors.
In the first message, the cybercriminal used the ESSELUNGA brand name in the subject line of the e-mail but then, in the body of the message, the well-known logo of MediaWorld is displayed. This is clearly a mistake that should immediately raise alarm bells.
The customer has been selected to receive an exclusive prize, <a De'Longhi Espresso machine>, by answering a few short questions.
In the second example shown, the prize, seemingly from TELEPASS, is a <Car Emergency Kit>, which, again, can be received by participating in a short survey.
Clearly the brands exploited in these campaigns are unrelated to the mass sending of these malicious e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
In the two reported examples, we see that the e-mails always come from the same sender <mega[dot]botar[dot]co[dot]uk-***[at]****[dot]it>, which is clearly not traceable to either ESSELUNGA's or MediaWorld's official domain, nor to TELEPASS. We can therefore conclude that they are probably part of the same malspam campaign. This is definitely abnormal, and should certainly raise our suspicions.
If we click on the links in the e-mail, we are redirected to a landing page, which may look graphically deceptive (with misleading images and the brand's authentic logo), but which again is hosted on an abnormal address/domain, that does not look at all trustworthy or traceable to the exploited brand.
The cyber-criminals masterminding the scam, through various ploys - such as reporting false testimonials from customers who won the prize in question - try to induce the user to quickly complete the survey, by making him/her believe that there are only a few lucky people, and that the offer expires within the day.
Surely, if so many users were lucky, why not try our luck?
When the survey is over, we are redirected to a page to enter the shipping address and pay the charges.
The cybercriminals' purpose is to induce the victim to enter his/her personal information to ship the prize and then, likely, also the credit card information to pay the shipping costs.
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is stolen by cyber crooks, who can use it at will.
10 March 2025 ==> Phishing Account posta elettronica (Phishing E-mail account)
SUBJECT: <Action required: Your password will be reset today - 2025 - *****>
We analyze below the phishing attempt that aims to steal the credentials of the victim's e-mail account.
The message, in English, informs the recipient that the password for his/her e-mail account is expiring. In order to press the user to proceed quickly, he or she is told that a new password will be generated 3 hours after the opening of the message. It therefore invites the victim to confirm the current password immediately, through the following link: Keep the current password
When we analyze the message, we see that the email address <info[at]dinge[dot]ooguy[dot]com> is not traceable to the mailbox hosting server. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link will be redirected to an anomalous web page, which simulates the mailbox login page.
On this page the user is asked to log in to his/her account by entering, in particular, his/her mailbox password in order to keep the current password.
However, that page is hosted on an anomalous address/domain:
https[:]//[FakeDomainName*].com/.....
We always urge you to pay attention to every detail, even trivial ones, and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated, easily imaginable, risks.
8 March 2025 ==> Phishing PayPal
SUBJECT: <Urgente: Conferma il tuo numero di telefono> (Urgent: Confirm your phone number)
We analyze below a new phishing attempt aimed at stealing the account login credentials of PayPal, a well-known US digital payments company.
The message prompts the recipient to confirm his or her phone number, in order to confirm the identity linked to the PayPal account, via the following link: CONFERMA (CONFIRM)
When we analyze the message, we see that the email address <pa[at]babbaiabba[dot]com> is clearly not from PayPal's official domain. This is definitely abnormal and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the CONFERMA (CONFIRM) link will be presented with the screen shown in the side image.
As we can see, the user is redirected to a site that graphically simulates the login page of PayPal, but is hosted on an anomalous address/domain.
Given these considerations, we point out that you should NEVER enter your credentials on sites whose origin you do not know, as they will be sent to a remote server and used by cyber crooks with all the associated, easily imaginable, risks.
8 March 2025 ==> Phishing Aruba - Rinnovo dominio (Domain renewal)
SUBJECT: <Fattura N: 17960003ET1> (Invoice N: 17960003ET1)
This month we again find phishing attempts that pretend to be communications from the Aruba brand.
The message informs the recipient that the domain associated with his/her account is expiring on 08/03/2025. In order to continue using the services linked to it, the user is invited to renew the domain before the expiry date. The message shows the details of the payment and the identification number of the invoice, indicating the link for the renewal order: RINNOVA IL DOMINIO (RENEW THE DOMAIN)
Clearly, the well-known web hosting, e-mail and domain registration services company, Aruba, is uninvolved in the mass sending of these e-mails, which are real scams whose objective remains, as always, to steal sensitive data of the unsuspecting recipient.
When we analyze the message, we immediately notice that it comes from an address <3info(at)salvatoremonaco(dot)it> clearly not referable to the official domain of Aruba. It is crucial to always pay the greatest attention before clicking on suspicious links.
Anyone who unluckily clicks on the RINNOVA IL DOMINIO (RENEW THE DOMAIN) link will be redirected to the displayed web page.
On this page the user is invited to access his/her customer area, entering a login and password to renew the domain and avoid the blocking of services.
Although the site may be misleading, since the well-known Aruba logo has been inserted, we see that the URL in the browser bar is anomalous and not traceable to the company's official domain:
https[:]//[FakeDomainName*].com.br...
If we enter our data on counterfeit websites, it will be delivered to the cyber criminals behind the scam, who will use it for malicious purposes. We therefore urge you not to rush and to pay attention to every detail, even trivial ones.
6 March 2025 ==> Phishing iCloud
SUBJECT: <"La vostra offerta di 50 GB di cloud è in attesa"> (Your 50 GB cloud offer is waiting)
We analyze below the phishing attempt aimed at stealing the credentials of the victim's iCloud account.
The message informs the recipient that his or her storage space is full, so photos and videos are no longer being updated. However, as part of the loyalty programme, he/she is entitled to 50GB of extra space at a cost of EUR 1.99, using the following link: AGGIORNA SPAZIO (UPDATE SPACE)
When we analyze the message, we see that the email address <info[at][dot]ph[dot]techbuzztools[dot]shop> is clearly not traceable to the iCloud server. This is definitely abnormal and should make us suspicious.
Anyone who unluckily clicks on the link will be redirected to an abnormal web page, which simulates the login page of the iCloud account.
On this page the user is invited to log into his/her account to update the storage space and find out if he/she can receive the 50 GB for only €1.99. Usually these promotions, which require payment of a small amount, are intended to steal credit card data.
In fact, the page to which you are redirected in order to enter your credentials is hosted on an abnormal address/domain:
https[:]//[FakeDomainName*].com/.....
We always urge you to pay attention to every detail, even trivial ones, and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated, easily imaginable, risks.
3 March 2025 ==> Phishing Mooney
SUBJECT: <Importаntе: Completа l'Accеsso al Tuo Account pеr Evitarе Disguidi> (Important: Complete Access to Your Account to Avoid Malfunctions)
We analyze below a phishing attempt that pretends to be a communication from Mooney, a well-known Italian Proximity Banking & Payments company.
The message informs the recipient that the company's website has undergone a major overhaul. It then invites him/her to view the changes by logging into his/her account and registering his/her device.
The user is then invited to use the following link to log into his/her account, register the device, and discover all the new features: Accedi a Mooney (Log in to Mooney)
Clearly, the well-known Italian online payment company, Mooney, is unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.
Although the cyber scammer used graphics similar to or stolen from Mooney, and had the foresight to enter the real company's data so as to fool a careless user, we should always exercise caution before clicking on suspicious links.
In fact, when we analyze the text of the message, we immediately notice that the sender's e-mail address <ghr(at)cenattg-adyenoracle(dot)it> is not traceable to Mooney's official domain. Another anomalous fact is the request to update the data through a link provided by e-mail.
Anyone who unluckily clicks on the Accedi a Mooney (Log in to Mooney) link will be redirected to an anomalous web page, unrelated to the official website of Mooney.
On this page the user is asked to log in to his or her restricted area, using his or her account login and password.
Although the site may be misleading, in that the graphics used are similar to Mooney's, the URL in the browser bar is anomalous and not traceable to the company's official domain.
We therefore urge you to always be very careful, even about the smallest details, and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks.
2 - 3 March 2025 ==> Phishing sondaggio clienti (Phishing customer survey)
Customer survey-themed phishing campaigns, exploiting well-known brands, continue. In the two cases below, they concern large retail companies.
The first message exploits the ILLY brand, and informs the customer that he/she has been selected to receive an exclusive gift, <an X1 Anniversary ECO MODE coffee machine>, by answering a few short questions.
In the second example, which exploits the ESSELUNGA brand, a <set Tupperware 'modular Mates' of 36 pieces> is given away, again by participating in a short survey.
Clearly, the brands exploited in these campaigns are unrelated to the mass sending of these malicious e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
When we analyze the messages, we see that they come from the email addresses <technqiueeee[at]yes[dot]bflschool[dot]com> and <producequality[at]vip[dot]163[dot]com>, clearly not traceable to the official domain of either ILLY or ESSELUNGA. This is definitely abnormal and should certainly raise our suspicions.
If we click on the links in the e-mail, we are redirected to a graphically deceptive page (with misleading images and the brand's authentic logo), but hosted on an anomalous address/domain, that does not seem trustworthy or traceable to the exploited brand.
The cyber-criminals masterminding the scam, through various ploys - such as reporting false testimonials from customers who have won the prize in question - try to induce the user to quickly complete the survey by making him/her believe that there are only a few lucky people, and that the offer expires within the day.
Surely, if so many users were lucky, why not try our luck?
When the survey is over, we are redirected to a page to enter the shipping address and pay the charges.
The cybercriminals aim to induce the victim to enter his/her personal information to ship the prize and then, likely, also the credit card information to pay the shipping costs.
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is stolen by cyber crooks, who can use it at will.
1 March 2025 ==> Phishing ACI
SUBJECT: <"Aiutaci a migliorare i servizi ACI e vinci un kit di emergenza per auto!"> (Help us to improve ACI services and win a car emergency kit)
Below we analyze a new scam attempt, hidden behind a false communication from ACI (The Automobile Club of Italy).
The lucky user has been selected by ACI to participate in a survey offering a prize: an emergency car kit...or so it seems.
This phishing attempt is certainly a real decoy for many inexperienced users.
Clearly ACI is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient. So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.
Even at first glance, we see that the email address <service[at]hsi[dot]tdsdemo[dot]in> is clearly not traceable to the official domain of ACI. This is definitely abnormal and should, at the very least, make us suspicious. However, if we go ahead and click on the link in the e-mail, this is what happens:
We are redirected to a landing page which, although graphically well designed (with misleading images and the authentic ACI logo), does not seem reliable at all.
The survey to obtain the prize is, in fact, hosted on an anomalous address/domain:
https[:]//[FakeDomainName*]....
which has no connection with ACI.
The cyber-criminals masterminding the scam, through various ploys - such as reporting false testimonials from customers who have won the prize in question - try to induce the user to quickly complete the survey by making him/her believe that there are only a few lucky people and that the offer expires within the day. There is also a countdown timer at the bottom of the screen which, however, if stopped - as we simulated - will start over immediately. This is a rather strange thing.
When we click on INIZIA IL SONDAGGIO (START THE SURVEY), we are taken to the next screens, where we are asked to answer 8 questions.
Here specifically is question 1/8. These are very general questions focused on the degree of satisfaction with the services offered by ACI and on the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the process for the prize.
When the survey is over, we can finally claim our prize: a car emergency kit that would be worth 99,95 Euros but costs us 0. We only have to pay shipping costs.
But let's hurry. It seems there are only 5 left in stock.
Here we are: in fact, all we need to do is to enter our shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered.
To make it more reliable, many comments from customers who supposedly participated in the survey have been reported. These are all confirming testimonials/feedback about the actual delivery of the winnings, ensuring that it is not really a scam...
Surely, if so many users were lucky, why not try our luck?
Then, when we click on Continua (Continue), we are sent to a further page, to enter our shipping address and pay shipping costs of Euro 1,98.
The goal of cybercriminals is to get the victim to enter his/her personal information to ship the prize, and then presumably he/she will also be asked for credit card information, to pay the shipping costs.
The page to which we are redirected to enter our personal data is hosted on an address/domain that is still abnormal:
https[:]//[FakeDomainName*][.]com
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is placed in the hands of cyber crooks, who can use it at will.
A little attention and a quick glance can save a lot of hassle and headaches...
We urge you NOT to be fooled by these types of e-mails. Even though they use familiar and not particularly sophisticated techniques, if there is a resurgence it is reasonably likely that more than a few unfortunate users will be fooled.
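The check applied to every case above, whether the sender's address can be traced to the official domain of the brand the message claims to come from, can be automated. The following is an added example, not part of TG Soft's report or tooling: the `OFFICIAL_DOMAINS` allow-list and all function names are assumptions, the first three samples use sender addresses and subjects quoted in the report, and the last two are constructed controls.

```python
import re
from email.utils import parseaddr

# Assumption: an allow-list maintained by the defender. The report does not list
# the brands' official domains, so verify these before relying on them.
OFFICIAL_DOMAINS = {
    "nexi": {"nexi.it"},
    "brt": {"brt.it"},
    "aruba": {"aruba.it"},
    "paypal": {"paypal.com"},
    "wetransfer": {"wetransfer.com"},
}

# The report defangs addresses as [at]/[dot] or (at)/(dot).
_AT = re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.I)
_DOT = re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.I)


def refang(text):
    """Turn a defanged address back into normal user@domain form."""
    return _DOT.sub(".", _AT.sub("@", text))


def sender_parts(from_header):
    """Return (display name, local part, lower-cased domain) of a From value."""
    display, addr = parseaddr(refang(from_header))
    if "@" not in addr:
        return display, "", ""
    local, _, domain = addr.rpartition("@")
    return display, local, domain.lower().rstrip(".")


def is_official(domain, brand):
    """Exact match or true subdomain only. A plain substring test would accept
    'nexi.it.example.com' or a brand name placed in the local part."""
    return any(domain == d or domain.endswith("." + d)
               for d in OFFICIAL_DOMAINS[brand])


def claimed_brands(*fields):
    """Brands named as whole tokens in the display name, local part or subject."""
    tokens = set()
    for field in fields:
        tokens.update(re.findall(r"[a-z0-9]+", field.lower()))
    return sorted(b for b in OFFICIAL_DOMAINS if b in tokens)


def assess(from_header, subject=""):
    """Flag a message that names a brand but is sent from an unrelated domain."""
    display, local, domain = sender_parts(from_header)
    claimed = claimed_brands(display, local, subject)
    mismatched = [b for b in claimed if not is_official(domain, b)]
    return {"domain": domain, "claimed": claimed, "suspicious": bool(mismatched)}


SAMPLES = [
    # Sender addresses and subjects as quoted in the report.
    ("service-nexi[at]mondo-connetti[dot]com",
     "Importante: Attivare il nuovo sistema di sicurezza"),
    ("brt-pacco12(at)beep(dot)pl", "Numero di spedizione 739156561915"),
    ("contact[at]autodesign-woermann[dot]de",
     "[ARUBA] il tuo nome di dominio è stato scade"),
    # Constructed controls: a legitimate-looking subdomain and a lookalike host.
    ("Nexi <noreply@mail.nexi.it>", "constructed control"),
    ("Nexi <noreply@nexi.it.example.com>", "constructed lookalike"),
]

if __name__ == "__main__":
    for sender, subject in SAMPLES:
        print(sender, "->", assess(sender, subject))
```

A mismatch is a strong signal, but a matching From domain proves nothing on its own, since that header can be forged; combine this check with the SPF, DKIM and DMARC results for the message.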
We invite you to check the following information on phishing techniques for more details:
03/02/202514:54 - Phishing: the most common credential and/or data theft attempts in February 2025...
03/01/2025 14:40 - Phishing: the most common credential and/or data theft attempts in January 2025...
03/12/2024 14:47 - Phishing: the most common credential and/or data theft attempts in December 2024...
06/11/2024 14:33 - Phishing: the most common credential and/or data theft attempts in November 2024...
07/10/2024 14:33 - Phishing: the most common credential and/or data theft attempts in October 2024...
04/09/2024 09:28 - Phishing: the most common credential and/or data theft attempts in September 2024
06/08/2024 14:50 - Phishing: most popular credential and/or data theft attempts in August 2024...
04/07/2024 17:22 - Phishing: the most common credential and/or data theft attempts in July 2024.
03/06/2024 17:22 - Phishing: the most common credential and/or data theft attempts in June 2024..
03/05/2024 11:56 - Phishing: the most common credential and/or data theft attempts in May 2024..
03/04/2024 10:23 - Phishing: the most common credential and/or data theft attempts in April 2024...
04/03/2024 10:42 - Phishing: the most common credential and/or data theft attempts in March 2024..
Try Vir.IT eXplorer Lite
If you are not yet using Vir.IT eXplorer PRO, it is advisable to install Vir.IT eXplorer Lite -FREE Edition- to supplement the antivirus in use to increase the security of your computers, PCs and SERVERS.
Vir.IT eXplorer Lite has the following special features:
- freely usable in both private and corporate environments with Engine+Signature updates without time limitation;
- fully interoperable with other AntiVirus software and/or Internet Security products (both free and commercial) already installed on your computer. It doesn't need any uninstallation and it doesn't cause slowdowns, as some features have been appropriately reduced to ensure interoperability with the AntiVirus software already on your PC/Server. This, however, allows cross-checking through the scan;
- it identifies and, in many cases, even removes most of the viruses/malware actually circulating or, alternatively, allows them to be sent to the C.R.A.M. Anti-Malware Research Center for further analysis to update Vir.IT eXplorer PRO;
- through Intrusion Detection technology, also made available in the Lite version of Vir.IT eXplorer, the software is able to report any new-generation viruses/malware that have set in automatically and send the reported files to TG Soft's C.R.A.M.;
- Download Vir.IT eXplorer Lite from the official distribution page of TG Soft's website.
VirIT Mobile Security AntiMalware ITALIAN for ALL Android™ Devices
VirIT Mobile Security is Italian Anti-Malware software that protects Android™ smartphones and tablets from malware intrusions and other unwanted threats, and empowers users to safeguard their privacy with an advanced heuristic approach (Permission Analyzer).

TG Soft makes VirIT Mobile Security available for free by accessing the Google Play Store market (https://play.google.com/store/apps/details?id=it.tgsoft.virit) from which you can download the Lite version, which can be freely used in both private and corporate settings.
You can upgrade to the PRO version by purchasing it directly from our website.
Acknowledgements
TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and everyone who has transmitted/reported material attributable to Phishing activities to our Research Center, which allowed us to make this information as complete as possible.
How to submit suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware
You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
- any suspect email can be sent directly from the recipient's e-mail account to the address lite@virit.com, choosing "Forward as Attachment" as the sending mode and inserting in the subject line "Possible phishing page to verify" rather than "Possible Malware to verify";
- save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as a file external to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). If you want feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possible / probable phishing; possible / probable malware or other).

For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page:
How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.
TG Soft's C.R.A.M. (Anti-Malware Research Center)