06/07/2022
12:39

Phishing: the most common credential and/or data theft attempts in JULY 2022...


Find out which phishing attempts you are most likely to encounter and how, with a careful glance, you can avoid them.

PHISHING INDEX

Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in  July 2022:

28/07/2022 => Account di posta elettronica (Email Account)
26/07/2022 => Account di posta elettronica (Email Account)
26/07/2022 => Aruba - Notifica di cessazione (Termination notice)
25/07/2022 => Account di posta elettronica (Email Account)
22/07/2022 => Webmail
22/07/2022 => Aruba - Avviso di cessazione (Termination notice)
21/07/2022 => Aruba - Mancata consegna (Failed delivery)
21/07/2022 => InBank
19/07/2022 => Aruba CloudFlare
18/07/2022 => EuroPages - Sondaggio Amazon (Amazon survey)
18/07/2022 => Aruba - Rinnovo non riuscito (Failed renewal)
17/07/2022 => Aruba - Rinnova il dominio (Renew the domain)
14/07/2022 => Consegna del pacco (Package delivery)
12/07/2022 => InBank
11/07/2022 => Account di posta elettronica (Email Account)
08/07/2022 => Europages
06/07/2022 => Account e-mail (Email Account)
04/07/2022 => Banco BPM
04/07/2022 => EuroPages

These emails are intended to trick some unfortunate person into providing sensitive data - such as bank account information, credit card codes or personal login credentials - with all the easily imaginable consequences.

July 28, 2022 ==> Phishing Account di posta (Email Account)

«SUBJECT:< Reminder : Sending and receiving mail with your existing address(******) >

We examine below the phishing attempt aimed at stealing the victim's inbox.

[Image: the fake e-mail from the e-mail account administrator, which tries to induce the recipient to click on the links in order to steal the account login credentials.]
The message, in English, informs the recipient that there are incoming messages waiting to be delivered. It then invites him to validate his e-mail address by entering his password; a verification code will then be sent by e-mail.
In order to continue using the e-mail address and not to have interruptions in services related to the e-mail account - which for completeness is also stated in the e-mail - it is necessary to confirm the password, through the following link:

Activate my ******* address

When we examine the email, we notice that the message comes from an email address not traceable to any email provider <jma(at)vallmallspares(dot)co(dot)za>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link  Activate my ******* address  will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.


July 26, 2022 ==> Phishing Account di posta (Email Account)

«SUBJECT:< news Mail Maintainance Briefing! >

We analyze below the phishing attempt aimed at stealing the mailbox of the victim.

[Image: the fake e-mail from the e-mail account administrator, which tries to induce the recipient to click on the links in order to steal the account login credentials.]
The message, in English, informs the recipient that his mail account password will expire within 5 hours. In order to keep the password and have no interruption in the services related to his mail account - which for completeness is also stated in the email - it is necessary to confirm the password, through the following link:

Keep My Password

When we examine the email, we notice that the message comes from an email address not traceable to any email provider <info(at)ag-elecs(dot)com>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link Keep My Password  will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.

July 25, 2022 ==> Phishing Account di posta elettronica (Email Account)

«SUBJECT: <*****  Audit report 30719>

This phishing attempt is aimed at stealing the login password to the mailbox.

[Image: the fake e-mail from the e-mail account administrator, which tries to induce the recipient to click on the links in order to steal the account login credentials.]
The message informs the user that the file <Audit, Certification and Inspection report> is available for sharing. To retrieve the file, it is necessary to click on the following link:

Open


When we examine the email, we observe that the message, marked by the concise and essential textual layout, comes from an email address not referable to the email server, but mimics the recipient's address <no_reply30719(at)****(dot)com>.

Anyone who unluckily clicks on the link Open will be redirected to a WEB page which has nothing to do with the e-mail provider, but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.



July 22, 2022 ==> Phishing Webmail

«SUBJECT: <Aggiornamento debriefing/ Avviso finale prima dell'esecuzione dell'azione > (Update debriefing/ Final notice before action is taken)

This phishing attempt aims to steal the access password to the mailbox hosted on Webmail.

[Image: the fake e-mail from the e-mail account administrator, which tries to induce the recipient to click on the links in order to steal the account login credentials.]
The message informs the user that, since he has ignored previous messages from Webmail, "the e-mails sent with attachments (pdf, xls) will be received in a spam folder or bounced back because your profile will be blacklisted in the next 48 hours."
The message also states the e-mail address that is supposedly blacklisted. It then invites the user to update his profile in order to remove it from the blacklist, via the following link:

Aggiorna il profilo ora (Update your profile now)
 

When we examine the email, we notice that the message, marked by the concise and essential textual layout, comes from an email address not traceable to the email server <smtpfoxh4d81(at)advancedcentreforeyes(dot)in>.

Anyone who unluckily clicks on the link Aggiorna il profilo ora (Update your profile now) will be redirected to a WEB page that has nothing to do with the Webmail site but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.



July 22 and 26, 2022 ==> Phishing Aruba "Avviso di cessazione" (Termination notice)

SUBJECT: 26/07/2022: < Notifica di Cessazione per il tuo account e-mail > (Notification of Termination for your email account)
SUBJECT: 22/07/2022: < Il tuo account di posta elettronica Aruba avviso di cessazione! > (Your Aruba e-mail account notice of termination!)

Here is another phishing attempt that comes as a fake communication from Aruba.

[Image: the fake Aruba e-mail reporting that a request to close the account has been received; in reality it is a SCAM!]
The message informs the recipient that a request to close his Aruba-hosted e-mail account has been received, and notifies him that the closure process has been initiated. It then invites the user to cancel the request, "If this request was made accidentally and you are not aware of it," within 24 hours, via the following link:

>>> Accedi nuovamente qui per annullare la richiesta di chiusura dell'account (Log back in here to cancel the account closure request)

Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.

Examining the text of the message, we notice right away that the sender's e-mail address <bernd-dieter(dot)marcussen(at)mytng(dot)de>, is not from Aruba's official domain.

Anyone who unluckily clicks on the link >>> Accedi nuovamente qui per annullare la richiesta di chiusura dell'account (Log back in here to cancel the account closure request), will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.


July 21, 2022 ==> Phishing Aruba "Mancata consegna" (Failed delivery)

«SUBJECT: < Promemoria importante per messaggio di mancata consegna! > (Important reminder for non-delivery message!)

Here is another phishing attempt that comes as a fake communication from Aruba.

[Image: the fake Aruba e-mail reporting that there are 2 new undelivered e-mails; in reality it is a SCAM!]
The message informs the recipient that there are 2 new e-mails not delivered correctly to his mailbox hosted on Aruba, since "Aruba has a new mail regulation system policy that affects your incoming messages to your mailbox". It therefore urges the user to act quickly, to prevent these messages or other incoming messages from being rejected, inviting him to follow the instructions through the following link:

Accedi nuovamente qui per recuperare i tuoi messaggi (Log back in here to retrieve your messages)

Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.

Examining the text of the message, we notice right away that the sender's e-mail address <bernd-dieter(dot)marcussen(at)mytng(dot)de>, is not from Aruba's official domain. 

Anyone who unluckily clicks on the link Accedi nuovamente qui per recuperare i tuoi messaggi (Log back in here to retrieve your messages), will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.


July 21, 2022 ==> Phishing InBank

SUBJECT: <Il tuo alleato per la sicurezza, l’app che ti permette di gestire e controllare il tuo conto e le tue carte in totale autonomia.> (Your ally for security, the app that allows you to manage and control your account and cards in total autonomy)

This new phishing attempt pretends to be a communication from InBank.

[Image: the fake InBank e-mail that tries to steal the account credentials of the unsuspecting recipient.]
The message informs the recipient of the potential of the InBank Notify application, "the tool that enables you to manage the security of all your InBank services by allowing you to authorize and keep track of key banking operations through the receipt of notifications. You can manage access to Inbank, lock and unlock your account and card operations conveniently, even when you are abroad."
It then invites the user to utilize the Notify app to manage their InBank account, through the following link:

Fare clic sul collegamento sottostante per aprire una finestra del browser sicuro
(Click the link below to open a secure browser window)


At first glance the text of the email is very detailed and reads like an informational message about the capabilities of the banking application. We observe, however, that the alert email comes from an email address <dpo-notify21(at)checkyour(dot)com> that is clearly not from the official domain of InBank.

Anyone who unluckily clicks on the link Fare clic sul collegamento sottostante per aprire una finestra del browser sicuro (Click the link below to open a secure browser window) will be redirected to a WEB page which has nothing to do with InBank's site but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.



July 19, 2022 ==> Phishing Aruba CloudFlare "Rinnovo non riuscito" (Failed renewal)

«SUBJECT:< Un file di documento per le aziende è stato condiviso con te tramite iCloud di Aruba.it > (A business document file has been shared with you via Aruba.it's iCloud)

Here is another phishing attempt that comes as a fake communication from Aruba.

[Image: the fake Aruba e-mail reporting that a new document shared through Aruba Cloudflare is available; in reality it is a SCAM!]
The message informs the recipient that a new document shared through Aruba CloudFlare is available. It then invites the user to view the PDF file through the following link:

Visualizza il file PDF  (View the PDF file)

Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.

Examining the text of the message, we notice right away that the sender's e-mail address <holger(dot)reimer(at)mytng(dot)de>, is not from Aruba's official domain. We report that this e-mail address has also been used several times this month in other phishing campaigns (such as the EuroPages campaign).

Anyone who unluckily clicks on the link Visualizza il file PDF (View the PDF file), will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
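The two sender checks this report applies to each message (is the address inside the impersonated brand's domain, and has the same address already been seen for another brand) can be automated. The following is an added example, not TG Soft's tooling: the sightings are transcribed from this report, while `BRAND_DOMAINS` is an assumption based on the names `Aruba.it` and `Europages.it` used in the quoted subject lines, and all function names are hypothetical.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed official domains (from the brand names in the quoted subject lines);
# confirm them against each brand's own documentation before relying on them.
BRAND_DOMAINS = {"Aruba": {"aruba.it"}, "EuroPages": {"europages.it"}}

# Sightings transcribed from this report: (date, impersonated brand, sender).
SIGHTINGS = [
    ("26/07/2022", "Aruba", "bernd-dieter(dot)marcussen(at)mytng(dot)de"),
    ("21/07/2022", "Aruba", "bernd-dieter(dot)marcussen(at)mytng(dot)de"),
    ("19/07/2022", "Aruba", "holger(dot)reimer(at)mytng(dot)de"),
    ("18/07/2022", "EuroPages", "holger(dot)reimer(at)mytng(dot)de"),
    ("18/07/2022", "Aruba", "mail(at)disegnocontrario(dot)it"),
    ("17/07/2022", "Aruba", "myrosh_s(at)lv(dot)dsns(dot)gov(dot)ua"),
    ("11/07/2022", "EuroPages", "holger(dot)reimer(at)mytng(dot)de"),
    ("08/07/2022", "EuroPages", "holger(dot)reimer(at)mytng(dot)de"),
]


def refang_address(defanged):
    """Turn 'user(at)example(dot)com' back into 'user@example.com'."""
    addr = re.sub(r"\s*\(at\)\s*", "@", defanged.strip(), flags=re.I)
    return re.sub(r"\s*\(dot\)\s*", ".", addr, flags=re.I).lower()


def is_aligned(sender_domain, brand):
    """True only for an official domain or one of its subdomains.

    Matching on label boundaries keeps a look-alike such as 'notaruba.it'
    from passing a naive endswith('aruba.it') test.
    """
    return any(sender_domain == d or sender_domain.endswith("." + d)
               for d in BRAND_DOMAINS.get(brand, ()))


def triage(sightings):
    """Return (misaligned sightings, senders reused across several brands)."""
    by_sender = defaultdict(lambda: {"brands": set(), "dates": []})
    misaligned = []
    for date, brand, defanged in sightings:
        addr = refang_address(defanged)
        domain = addr.rsplit("@", 1)[1]
        by_sender[addr]["brands"].add(brand)
        by_sender[addr]["dates"].append(
            datetime.strptime(date, "%d/%m/%Y").date())
        if brand in BRAND_DOMAINS and not is_aligned(domain, brand):
            misaligned.append((date, brand, domain))
    reused = {addr: (sorted(e["brands"]), min(e["dates"]), max(e["dates"]))
              for addr, e in by_sender.items() if len(e["brands"]) > 1}
    return misaligned, reused


if __name__ == "__main__":
    misaligned, reused = triage(SIGHTINGS)
    for date, brand, domain in misaligned:
        print(f"{date}: claims {brand}, sent from {domain}")
    for addr, (brands, first, last) in reused.items():
        print(f"{addr}: used for {', '.join(brands)} between {first} and {last}")
```

A sender that fails the alignment check for one brand and then reappears for another is a good candidate for a mail-gateway block rule, since no single brand's own filtering will see the whole pattern.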



July 18, 2022 ==> Phishing EuroPages

«SUBJECT: <Un nuovo messaggio di notifica ti è stato inviato da Europages.it> (A new notification message has been sent to you from Europages.it)

We find again the following phishing attempt disguised as a communication from EuroPages and aimed at stealing the victim's account login credentials.

[Image: the fake EuroPages e-mail that tries to steal the account login credentials.]
The message is supposedly from Aruba, but refers to a product listed on EuroPages, the largest international B2B sourcing platform. It invites the user to log into his account to view the request message, via the following link:

>>>Accedi nuovamente al mio account di posta elettronica  (Log back into my email account)

Examining the email, we notice that the message comes from an email address not traceable to the official domain of either Aruba or EuroPages <holger(dot)reimer(at)mytng(dot)de>. This is definitely anomalous and should, at the very least, make us suspicious. However, the criminal had the foresight to include the Aruba logo in the body of the message.
Anyone who unluckily clicks on the link >>>Accedi nuovamente al mio account di posta elettronica (Log back into my email account) will be redirected to a WEB page which has nothing to do with the EuroPages site.

[Image: the fake Amazon site where taking part in a survey gives a chance to win a fantastic prize, a Samsung Neo QLED; in reality it is a SCAM!]
In the side image, the web page looks more like an Amazon page, since it also shows Amazon's well-known logo. There you are asked to participate in a short survey for a chance to win a fantastic prize: Samsung Neo QLED!!

"Today, July 19, 2022, you have been chosen to participate in our survey."
 
We have been chosen, among the 10 lucky users who, only for today, have a chance to win a fantastic prize, answering 4 questions.
[Image: the fake Amazon site where taking part in a survey gives a chance to win a fantastic prize, a Samsung Neo QLED; in reality it is a SCAM!]
The questions, as you can see from the pictures, are very general and are used to identify the user's profile.
[Image: the fake Amazon site where taking part in a survey gives a chance to win a fantastic prize, a Samsung Neo QLED; in reality it is a SCAM!]

[Image: the fake Amazon site offering the chance to win a fantastic Samsung Neo QLED prize, only for 10 lucky users.]
At the end of the questionnaire we are redirected to another web page, where we are asked to choose a gift pack... After 2 tries we finally manage to win our Samsung Neo QLED!
 
The side image shows THE RULES to obtain the new Samsung Neo QLED. Among them the payment of the €2 shipping charge is required. Then we are directed to a further page to enter our contact information and pay the €2 shipping charge.

[Image: the fake Amazon site requesting the information needed to ship the prize and the payment of the shipping costs; beware, it is a SCAM!]
From the side image we see that our personal information is actually being requested to send the package and then the payment. As you can see, the login page is hosted on an abnormal address/domain that clearly has nothing to do with Amazon...

https[:]//findofferclub[.]site/c/amsgqled01834564?...

The purpose of this elaborate fake email is to induce the user to enter his personal information.
To conclude, we always urge you to be wary of any email asking for confidential data, and avoid clicking on suspicious links which could lead to a counterfeit site, difficult to distinguish from the original, thus putting your most valuable data in the hands of cyber crooks for their use and profit.


July 18, 2022 ==> Phishing Aruba "Rinnovo non riuscito" (Failed renewal)

«SUBJECT: < **** Rinnovo dei tuoi servizi non riuscito > (Failed to renew your services)

Here is another phishing attempt that comes as a fake communication from Aruba.

[Image: the fake Aruba e-mail reporting that the payment for the domain renewal was rejected; in reality it is a SCAM!]
The message informs the recipient that the payment system has rejected the renewal of his Aruba domain through the default payment method. It then invites the user to proceed with the renewal of the domain by updating his data within 24 hours, to avoid the blocking of services. He can proceed by logging into the customer area or through the following link:

https[:]//pagamenti[.]Αгuba[.]it/RiepilסgסOrdine[.]aspx?dסminiס=******

Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.

Examining the text of the message, we notice right away that the sender's e-mail address <mail(at)disegnocontrario(dot)it>, is not from Aruba's official domain.

Anyone who unluckily clicks on the link: https[:]//pagamenti[.]Αгuba[.]it/RiepilסgסOrdine[.]aspx?dסminiס=******  will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
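The link text quoted in this section is not plain ASCII: letters from other alphabets stand in for Latin ones, so it reads like an Aruba address at a glance. The following added example (not part of the original report, with hypothetical function names) flags that pattern; the sample is constructed to resemble the link above, its exact code points are an assumption, and `www.aruba.it` serves only as an all-Latin control. It flags only labels that mix scripts, because a host label written entirely in one non-Latin script can be a legitimate internationalised domain.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample modelled on the link shown above: Greek capital alpha and
# Cyrillic "ghe" in the host, Hebrew samekh in place of "o" in path and query.
# The exact code points are an assumption; the query value is a placeholder.
SAMPLE_LINK = ("https[:]//pagamenti[.]\u0391\u0433uba[.]it/"
               "Riepil\u05e1g\u05e1Ordine[.]aspx?d\u05e1mini\u05e1=EXAMPLE")


def refang(text):
    """Undo the [.] / [:] defanging used for links in this report."""
    return text.replace("[.]", ".").replace("[:]", ":")


def char_script(ch):
    """Script of a letter, approximated by the first word of its Unicode name."""
    if not ch.isalpha():
        return None          # digits, dots and hyphens are script-neutral
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def scripts_in(text):
    """Set of scripts used by the letters of `text`."""
    return {s for s in map(char_script, text) if s}


def analyse_link(defanged_url):
    """Return (host, findings) for a defanged URL."""
    parts = urlsplit(refang(defanged_url))
    host = parts.hostname or ""          # .hostname is lower-cased by urllib
    findings = []
    for label in host.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(("mixed-script host label", label, sorted(scripts)))
    foreign = scripts_in(parts.path + parts.query) - {"LATIN"}
    if foreign:
        findings.append(("non-Latin letters in path/query",
                         parts.path + "?" + parts.query, sorted(foreign)))
    return host, findings


if __name__ == "__main__":
    host, findings = analyse_link(SAMPLE_LINK)
    print(host)
    for kind, where, scripts in findings:
        print(f"{kind}: {where!r} -> {', '.join(scripts)}")
```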



July 17, 2022 ==> Phishing Aruba "Rinnova il tuo dominio" (Renew your domain)

«SUBJECT: < Aruba.it: Notifica nuovo messaggio  ! > (Aruba.it: New Message Notification !)

Here is another phishing attempt that comes as a fake communication from Aruba.

[Image: the fake Aruba e-mail reporting that the domain is about to expire; in reality it is a SCAM!]
The message informs the recipient that his domain, hosted on Aruba, will expire on 18/07/2022. If the domain is not renewed by that date, it will be deactivated together with all associated services - including mailboxes - so it can no longer be used to send and receive messages. It then invites the user to renew the domain through the following link:

Clicca qui (Click here)

Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.

Examining the text of the message, we notice right away that the sender's e-mail address <myrosh_s(at)lv(dot)dsns(dot)gov(dot)ua>, is not from Aruba's official domain.

Anyone who unluckily clicks on the link Clicca qui (Click here), will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.

July 14, 2022 ==> Phishing: Consegna del pacco (Package delivery)

«SUBJECT: < 🚚La notifica del tuo pacco🎁 > (Your package notification)

Here we find again this month the phishing attempt, hiding behind a false communication from an unidentifiable sender, concerning the delivery of an alleged package.

[Image: the fake e-mail informing you that your package is awaiting delivery; in reality it is a SCAM!]
The message notifies the unsuspecting recipient that his package is awaiting delivery, and that he can schedule delivery with the reported tracking code <29194773>. We see from the very generic message, that neither the courier to whom the shipment was entrusted, nor any reference to the supposed package to be delivered, is given. These messages are increasingly being used to scam consumers who, more and more, use e-commerce for their purchases.
The message, then, invites the user to click on the following link:

Pianifica la tua consegna (Schedule your delivery)
 

 
[Image: the fake Track&Trace site where a pending shipment is supposedly tracked; in reality it is a SCAM!]
The alert email comes from an email address <regit(at)sumup(dot)com> not referable to any known courier. Anyone who unluckily clicks on the link, will be redirected to a WEB page - graphically similar to the Track&Trace page - inviting him to open 1 pending message.

However, we observe in the side image that the URL in the browser address bar has nothing at all to do with Track&Trace's authentic domain:
https[:]//bazzelmlitml[.]com/?hard=Oe1ASA2Afgfc...

[Image: the fake Track&Trace site showing the tracking code, presumably false, of the pending package.]
Then, clicking on ''Confermare'' (Confirm), we are redirected to another screen warning about the pending delivery of the package and giving a supposed tracking code to track the package...
Continuing on, after clicking on ''Schedule your delivery'' we are presented with a new screen. It gives us information on the status of the package, "Stopped at the distribution hub", and prompts us to choose the mode to arrange the new delivery, at a cost of €2.
[Image: the fake Track&Trace site showing the information about the pending package.]
The next screen asks us how we prefer the package to be delivered: "Voglio che mi venga consegnato" (I want it delivered to me) or "Vado a prenderlo io stesso" (I will pick it up myself).
[Image: the fake Track&Trace site showing the information about the pending package.]

[Image: the fake Track&Trace site requesting the information needed to ship the pending package.]
This is followed by 2 more questions like the previous one, where we are asked where we prefer the package to be delivered: "A casa" (At home) or "A lavoro" (At work), and when we prefer it to be delivered: "Giorni lavorativi" (Weekdays) or "Fine settimana" (Weekends).
 
After selecting our preferences, we finally arrive at a new screen confirming the sending of the package, with estimated delivery in 3 days... Then we are redirected to a further page to enter our contact details and pay the shipping costs of €2.

[Image: the fake Track&Trace site requesting the information needed to ship the pending package and the payment; beware, it is a SCAM!]
From the side image we see that our personal information is requested to send the package and then for the payment. As you can see, the login page is hosted on an abnormal address/domain, that clearly has nothing to do with Track&Trace...

https[:]//sitebest[.]online/c/34567654m?s1=102a2d94...

The purpose of this elaborate fake email is to induce the user to enter his personal information.
To conclude, we always urge you to be wary of any email asking for confidential data, and avoid clicking on suspicious links which could lead to a counterfeit site, difficult to distinguish from the original, thus putting your most valuable data in the hands of cyber crooks for their use and profit.

July 12, 2022 ==> Phishing InBank

SUBJECT: <Lapplicazione ιnΒank, nuovo aggiornamento> (The ιnΒank application, new update)

This new phishing attempt pretends to be a communication from InBank.

[Image: the fake InBank e-mail that tries to steal the account credentials of the unsuspecting recipient.]
The message notifies the recipient that the InBank application has been updated to protect banking transactions. He is then requested to connect to the new InBank application to perform the update, via the following link:

Il mio account  (My account)

We first notice that the text of the email is very generic and contains no identifying information about the client or the linked account. The alert email comes from an email address <email(at)deals(dot)priceline(dot)com> that is clearly not from InBank's official domain.

Anyone who unluckily clicks on the link Il mio account (My account) will be redirected to a WEB page which has nothing to do with InBank's site but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for illegal purposes.


July 11, 2022 ==> Phishing Account di posta (Email Account)

«SUBJECT: < Ultimo avvertimento! Hai 6 messaggi in arrivo bloccati! > (Last warning! You have 6 incoming messages blocked!)

We examine below the phishing attempt aimed at stealing the mailbox of the victim.

[Image: the fake e-mail from the e-mail account administrator, which tries to induce the recipient to click on the links in order to steal the account login credentials.]
The message informs the recipient that there are 6 new outstanding messages, which have been blocked, due to a validation error. It then invites the victim to validate his identity, confirming to be the mail account holder, by clicking on the following link:

CLICCA QUI PER VISUALIZZARE I TUOI MESSAGGI IN ARRIVO (CLICK HERE TO VIEW YOUR INCOMING MESSAGES)

Examining the email, we see that the message is detailed and some information about the 6 outstanding messages is given, especially about the subject of the message, listed in the screenshot as "Materia" (Matter). However the message comes from an email address not traceable to any email provider <no-reply(at)reparatur-anmeldung(dot)de>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link CLICCA QUI PER VISUALIZZARE I TUOI MESSAGGI IN ARRIVO (CLICK HERE TO VIEW YOUR INCOMING MESSAGES) will be redirected to an anomalous WEB page.
From the image below, we see that you are asked to enter the password of the mailbox that is the target of the scam through an authentication form.

[Image: the fake e-mail account site that tries to steal the account login credentials.]
The screen that appears is very bare and lacks information, especially about the e-mail provider that is supposed to host the recipient's mailbox.
At a glance we notice above all that the login page has an anomalous address/domain...
In the image we can see that the page hosting the authentication form is:
https[:]//ipfs[.]fleek[.]co/ipfs/bafybeibbc7xg5otpvpzekm3xgdijbsd27hrg3ocsxczj4xflmqcxcv4ine#...
 
If you enter your data on this FORM to perform verification/confirmation of your data, the data will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks.



July 11, 2022 ==> Phishing EuroPages

«SUBJECT: <HOLGER FRIEDRICH: TI HA INVIATO UN MESSAGGIO DI RICHIESTA SUL TUO PRODOTTO SU EUROPAGES> (HOLGER FRIEDRICH: SENT YOU AN INQUIRY MESSAGE ABOUT YOUR PRODUCT ON EUROPAGES)

Here's another phishing attempt coming as a false communication from EuroPages, aiming at stealing the victim's account login credentials.

[Image: the fake EuroPages e-mail that tries to steal the account login credentials.]
The message, allegedly from EuroPages (the largest international B2B sourcing platform), notifies the user of an incoming message from a certain "HOLGER FRIEDRICH", concerning his product listed on EuroPages. It then invites the user to log into his account, to view the request message, via the following link:

>>>ACCEDI AL MIO ACCOUNT  (LOGIN TO MY ACCOUNT)

If we examine the email, we see that the message comes from an email address not traceable to the official EuroPages domain <holger(dot)reimer(at)mytng(dot)de>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link >>>ACCEDI AL MIO ACCOUNT (LOGIN TO MY ACCOUNT) will be redirected to an anomalous WEB page.

[Image: the fake Aruba website, which imitates the e-mail account login page in order to steal the login credentials.]
In the screen in this image we are asked to log into our EuroPages account, entering our credentials. At a glance, however, we notice that the login page is hosted on an anomalous address/domain...

https[:]//www[.]zenon7-serbia[.]com/Europages_it_user_Europages_myAccount...

If you enter your data on this FORM to perform verification/confirmation of your data, the data will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks.


July 08, 2022 ==> Phishing EuroPages

«SUBJECT:<ORONZO DEL POZZO TI HA INVIATO UNA RICHIESTA SU EUROPAGES> (ORONZO DEL POZZO SENT YOU A REQUEST ON EUROPAGES)

We find again the following phishing attempt, allegedly a communication from EuroPages, aimed at stealing the victim's account login credentials.

[Image: the fake EuroPages e-mail that tries to steal the account login credentials.]
The message, supposedly from EuroPages - the largest international B2B sourcing platform - notifies the user of an incoming message concerning his product listed on EuroPages, from a certain "ORONZO DEL POZZO" (a very unique name). It then invites the user to log into his account to view the request message, via the following link:

>>>ACCEDI AL MIO ACCOUNT 
(LOGIN TO MY ACCOUNT)
 

If we examine the email, we see that the message comes from an email address not traceable to the official EuroPages domain <holger(dot)reimer(at)mytng(dot)de>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link >>>ACCEDI AL MIO ACCOUNT (LOGIN TO MY ACCOUNT) will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/WEBSITE. It is in fact run by cyber-criminals, whose goal is to get hold of your most valuable data in order to use it for criminal purposes.



July 06, 2022 ==> Phishing Account di Posta elettronica (Email Account)

«SUBJECT < 06/07/22 Password EXpiry >

The following is a new phishing attempt aimed at stealing the victim's inbox.

Image of the fake e-mail from the e-mail account administrator, which tries to induce the recipient to click on the links in order to steal the account login credentials.
The message notifies the user that his e-mail account password is expiring.
It then invites him to click on the following link to keep his password:

KEEP MY PASSWORD

Examining the email we observe that the message comes from an email address not traceable to any email provider <marty(at)egeanfinanciall(dot)com>, and clearly it is not from the recipient's email server. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link KEEP MY PASSWORD will be redirected to an anomalous WEB page. There (see the image below), we are asked to enter the password of the mailbox - the target of the scam - through an authentication form.

Image of the fake e-mail account site, which tries to steal the account login credentials.
The screen that appears is definitely suspicious: the victim's username is already shown, and he is asked to enter his password.
At a glance we notice, above all, that the login page has an anomalous address/domain.
In the image we can see that the page hosting the authentication form is:

https[:]//zdjad-pyaaa-aaaad-qc5aq-cai[.]raw[.]ic0[.]app/login...
 
If you enter your data in this FORM to perform the requested verification/confirmation, it will be sent to a remote server and used by cyber crooks, with all the easily imaginable risks that entails.



July 05, 2022 ==> Phishing Banco BPM

«SUBJECT: <✅  BANCO BPM GRUPPO BANCARIO - Sistema di notifica di sicurezza. - ( 118977610021  )> (BANCO BPM BANK GROUP - Security Notification System.)

This new phishing attempt comes as a fake e-mail from Banco BPM.

Image of the fake Banco BPM e-mail, which tries to induce the recipient to click on the links in order to steal the login credentials for his account.
The message notifies the unsuspecting recipient that, in order to improve the security of its customers, the access to the services has been, partially or completely, blocked. It happened because the security credentials, along with the Banco BPM token and/or telematics services letter, are awaiting update and/or authorization for use.
In order to avoid problems and protect your data, you must update your account details within 24h. You can proceed by clicking on the following link:
 
Esegui l'autorizzazione  (Execute the authorization)

The alert message comes from an email address <security_notification23424548(at)bancobpm(dot)it> that could be misleading, as it seems to come from Banco BPM's domain. In addition, to make the message more credible, the cyber criminal had the foresight to include Banco BPM identifying data (such as the VAT number) and to lay it out in a way that is graphically deceptive for an inexperienced user.

Anyone who unluckily clicks on the link Esegui l'autorizzazione (Execute the authorization) will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/WEBSITE. It is in fact run by cyber-criminals, whose goal is to get hold of your most valuable data in order to use it for criminal purposes.


July 04, 2022 ==> Phishing Banco BPM

«SUBJECT: <✅  BANCO BPM GRUPPO BANCARIO - Re: stimato cliente il tuo account è stato bloccato aggiornare i dati ora per sbloccare. - ( 546275584027  )> (BANCO BPM BANK GROUP - Re: valued customer your account has been locked update data now to unlock. - ( 546275584027 ))

This new phishing attempt comes as a fake e-mail from Banco BPM.

Image of the fake Banco BPM e-mail, which tries to induce the recipient to click on the links in order to steal the login credentials for his account.
The message informs the unsuspecting recipient that, for security reasons, his account has been locked, due to the delay in security updates. It then informs the unfortunate recipient that, to prevent his account from being completely locked, he must log into the webapp and perform the registration data update process, within 3 days, through the following link:

Inizia l'aggiornamento  (Start updating)

The alert message comes from an email address <NOREPLY_CC24494775(at)bancobpm(dot)it> that might mislead an inexperienced user, as it might appear to come from Banco BPM's domain. We also see that the text contains the sender's email address and alleged Banco BPM identification data (such as the VAT number), to make it more credible. In addition, the message is laid out in a way that is graphically deceptive for an inexperienced user.

Anyone who unluckily clicks on the link Inizia l'aggiornamento (Start updating) will be redirected to an anomalous WEB page.

Image of the fake Aruba website, which simulates the e-mail account login page in order to steal the login credentials.
In the image alongside we see that you are asked to log in to your Banco BPM account by entering your credentials. The web page is laid out in a graphically deceptive way; however, we note that the address/domain is anomalous...
https[:]//bpm-sicurezza[.]com/

If you enter your data in this FORM to perform the requested verification/confirmation, it will be sent to a remote server and used by cyber crooks, with all the easily imaginable risks that entails.

July 04, 2022 ==> Phishing EuroPages

«SUBJECT: <Nuovo messaggio Richiesta da GABI BERGER> (New message Requested by GABI BERGER)

We find again the following phishing attempt, a communication allegedly from EuroPages, aimed at stealing the victim's account login credentials.

Image of the fake EuroPages e-mail, which tries to steal the account login credentials.
The message, seemingly from EuroPages - the largest international B2B sourcing platform - notifies the user of an incoming message from a certain "GABI BERGER", concerning his product listed on EuroPages.  It then invites the user to log into his account to view the request message, via the following link:

>>>ACCEDI AL MIO ACCOUNT
(LOGIN TO MY ACCOUNT)

If we examine the email, we see that the message comes from an email address not traceable to the official EuroPages' domain <holger(dot)reimer(at)mytng(dot)de>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link >>>ACCEDI AL MIO ACCOUNT (LOGIN TO MY ACCOUNT) will be redirected to an anomalous WEB page.

Image of the fake Aruba website, which simulates the e-mail account login page in order to steal the login credentials.
In the image alongside we notice that you are asked to log into your EuroPages account by entering your credentials. At a glance, however, we notice that the login page is hosted on an anomalous address/domain.

https[:]//www[.]is-webs[.]com/Europages[.]it/user/myEuropages/verify_your_identity/login[.]imap...

If you enter your data in this FORM to perform the requested verification/confirmation, it will be sent to a remote server and used by cyber crooks, with all the easily imaginable risks that entails.
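The check these cases apply by eye, as an added example (not TG Soft's code): compare the sender's domain and the link's host against the brand's official domains. The allowlist in BRANDS and the function names are assumptions made for illustration; the sender/URL pairs are the defanged ones quoted in this report.

```python
from urllib.parse import urlsplit

# Assumed allowlist of official domains and brand tokens (illustrative only).
BRANDS = {
    "EuroPages": {"domains": {"europages.it", "europages.com"}, "tokens": ("europages",)},
    "Banco BPM": {"domains": {"bancobpm.it"}, "tokens": ("bancobpm", "bpm")},
}

def refang(text):
    """Undo the report's defanging: [.] [:] (dot) (at); drop the trailing '...' elision."""
    for old, new in (("[.]", "."), ("[:]", ":"), ("(dot)", "."), ("(at)", "@")):
        text = text.replace(old, new)
    return text.strip().rstrip(".")

def under(host, domains):
    """True only if host is one of the domains or a genuine subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def assess(brand, sender, url):
    """Return the domain checks for one e-mail: sender address and link target."""
    info = BRANDS[brand]
    clean_url = refang(url)
    host = urlsplit(clean_url).hostname or ""
    sender_host = refang(sender).rpartition("@")[2]
    link_ok = under(host, info["domains"])
    return {
        "host": host,
        "sender_official": under(sender_host, info["domains"]),
        "link_official": link_ok,
        # Brand name appearing in a URL whose host is not the brand's: lookalike signal.
        "brand_lookalike": not link_ok and any(t in clean_url.lower() for t in info["tokens"]),
    }

# Sample set: sender/URL pairs as quoted (defanged) in the cases of this report.
CASES = [
    ("EuroPages", "holger(dot)reimer(at)mytng(dot)de",
     "https[:]//www[.]is-webs[.]com/Europages[.]it/user/myEuropages/verify_your_identity/login[.]imap..."),
    ("EuroPages", "holger(dot)reimer(at)mytng(dot)de",
     "https[:]//www[.]zenon7-serbia[.]com/Europages_it_user_Europages_myAccount..."),
    ("Banco BPM", "NOREPLY_CC24494775(at)bancobpm(dot)it", "https[:]//bpm-sicurezza[.]com/"),
]

if __name__ == "__main__":
    for brand, sender, url in CASES:
        print(brand, assess(brand, sender, url))
```

In the Banco BPM case the From address passes the domain check while the link does not, so the host of the link is the signal to rely on; a From address alone is not proof of origin.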



A little attention and a quick glance can save a lot of hassle and headaches.

We urge you NOT to be fooled by these types of e-mails: even though they use familiar and not particularly sophisticated techniques, if there is a resurgence it is reasonably likely that more than a few unfortunate recipients will be fooled.
 
We invite you to check the following information on Phishing techniques for more details:

06/06/2022 14:30 - Phishing: the most common credential theft attempts in June 2022
02/05/2022 11:06 - Phishing: the most common credential theft attempts in May 2022
06/04/2022 16:51 - Phishing: the most common credential theft attempts in April 2022
08/03/2022 17:08 - Phishing: the most common credential theft attempts in March 2022
03/02/2022 16:25 - Phishing: the most common credential theft attempts in February 2022
04/01/2022 09:13 - Phishing: the most common credential theft attempts in January 2022
03/12/2021 15:57 - Phishing: the most common credential theft attempts in December 2021
04/11/2021 09:33 - Phishing: the most common credential theft attempts in November 2021
07/10/2021 14:38 - Phishing: the most common credential theft attempts in October 2021
10/09/2021 15:58 - Phishing: the most common credential theft attempts in September 2021
05/08/2021 18:09 - Phishing: the most common credential theft attempts in August 2021
01/07/2021 15:58 - Phishing: the most common credential theft attempts in July 2021

Try Vir.IT eXplorer Lite

If you are not yet using Vir.IT eXplorer PRO, it is advisable to install Vir.IT eXplorer Lite -FREE Edition- to supplement the antivirus in use to increase the security of your computers, PCs and SERVERS.


Vir.IT eXplorer Lite has the following special features:
  • freely usable in both private and corporate environments with Engine+Signature updates without time limitation;
  • interoperable with any other AntiVirus, AntiSpyware, AntiMalware or Internet Security already present on PCs and SERVERs. We recommend using it as a supplement to the AntiVirus already in use, as it does not conflict with it or slow down the system but significantly increases security in terms of identification and remediation of infected files;
  • it identifies and, in many cases, even removes most of the viruses/malware actually circulating or, alternatively, allows them to be sent to the C.R.A.M. Anti-Malware Research Center for further analysis to update Vir.IT eXplorer PRO;
  • through the Intrusion Detection technology, also made available in the Lite version of Vir.IT eXplorer, the software is able to report any new-generation viruses/malware that have set themselves to run automatically and send the reported files to TG Soft's C.R.A.M.;
  • proceed to download Vir.IT eXplorer Lite from the official distribution page of TG Soft's website.
 

VirIT Mobile Security: ITALIAN AntiMalware for ALL Android™ Devices

VirIT Mobile Security is the Italian Anti-Malware software that protects Android™ smartphones and tablets from Malware intrusions and other unwanted threats, and empowers users to safeguard their privacy with an advanced heuristic approach (Permission Analyzer).
 

VirIT Mobile Security, TG Soft's Antimalware for Android(TM)

TG Soft makes VirIT Mobile Security available for free on the Google Play Store (https://play.google.com/store/apps/details?id=it.tgsoft.virit), where you can download the Lite version, which can be freely used in both private and business settings.

 

You can upgrade to the PRO version by purchasing it directly from our website: https://www.tgsoft.it/italy/ordine_step_1.asp

 

Acknowledgements

TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and all people who have transmitted/reported material attributable to Phishing activities to our Research Center, which allowed us to make this information as complete as possible.




How to send suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware

You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
  1. Any suspicious email can be sent directly from the recipient's e-mail program to the address lite@virit.com, choosing "Forward as Attachment" as the sending mode and entering "Possible phishing page to verify" rather than "Possible Malware to verify" in the subject line.
  2. Save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as a file external to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously, if you want feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possible / probable phishing; possible / probable malware or other).
For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page: How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.



TG Soft's C.R.A.M. (Anti-Malware Research Center)

Any information published on our site may be used and published on other websites, blogs, forums, Facebook and/or in any other form, both paper and electronic, as long as the source is always explicitly cited as “Source: CRAM by TG Soft www.tgsoft.it”, with a clickable link to the original information and/or web page from which textual content, ideas and/or images have been taken.
When information from C.R.A.M. by TG Soft (www.tgsoft.it) is used in summary articles, the following acknowledgment/thanks will be appreciated: “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”

Vir.IT eXplorer PRO is certified by the biggest international organisation: