PHISHING INDEX
Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in
August 2022:
31/08/2022 =>
Account Posta Elettronica (Email Account)
29/08/2022 =>
Aruba iCloud
26/08/2022 =>
Nexi Smishing
22/08/2022 =>
Comfort e pulizia in casa (Home comfort and cleanliness)- Dyson V11
22/08/2022 =>
SCAM - Donazione (Donation)
18/08/2022 =>
SumUp
17/08/2022 =>
Aruba - Disattivazione casella e-mail (Mailbox deactivation)
16/08/2022 =>
SCAM - CONVOCAZIONE GIUDIZIARIA (SUMMONS)
16/08/2022 =>
Texas Roadhouse
15/08/2022 =>
Target Shopper
10/08/2022 =>
Banco Mediolanum
09/08/2022 =>
Account di posta (Email Account)
08/08/2022 =>
Aruba - Dominio scaduto (Expired domain)
05/08/2022 =>
Aruba - Dominio scaduto (Expired domain)
05/08/2022 =>
Aruba - Recupera i messaggi (Retrieve messages)
04/08/2022 =>
SCAM - INTERPOL
04/08/2022 =>
Aruba CloudFlare
03/08/2022 =>
Spedizione in attesa (Pending shipment)
These emails are intended to trick some unfortunate person into providing sensitive data - such as bank account information, credit card codes or personal login credentials - with all the possible easily imaginable consequences.
August 31, 2022 ==> Phishing Account di posta (Email Account) - Syncing Error
«SUBJECT:
< Re: Syncing Error - (6) Incoming failed mail. >
We examine below the phishing attempt aimed at stealing the victim's inbox.
The message, in English, notifies the recipient that he has 6 new incoming messages with the subject line: "
Re:Balance Payment as of 8/31/2022 5:10:45 a.m.", which have been blocked, since considered as Spam. The victim, then, can view his e-mails by clicking on the following link and logging in to his account:
View Emails
When we examine the email, we notice that the message comes from an email address not traceable to any email provider <
noreply(at)cpanel(dot)com>. This is definitely anomalous and should, at the very least, make us suspicious
.
Anyone who unluckily clicks on the link
View Emails will be redirected to an anomalous WEB page.
As we can see from the side image, clicking the link, we are directed to a web page that mimics reasonably well the official
Gmail's site. The simulation is mainly obtained through the graphic devices used, that can mislead the user.
The account management access page is hosted on an anomalous address/domain, which we report below:
https[:]//accounts[.]google[.]com/v3/signin/identifier...
If you enter your
Gmail account login information on this FORM, to log in to your mail account, it will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks .
August 29, 2022 ==> Phishing Aruba iCloud
«SUBJECT: <
Hai ricevuto un documento condiviso per le imprese tramite iCloud Aruba.it >
(You received a shared document for business through iCloud Aruba.com.)
Here is another phishing attempt that comes as a false communication from
Aruba.
The message informs the recipient that a new shared document is available through
Aruba iCloud. It then invites the user to view the PDF file through the following link:
Visualizza PDF in linea (View PDF online)
Clearly, the well-known web hosting, e-mail and domain registration services company
Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address <
customercares(at)icloud(dot)com>, is not from
Aruba's official domain.
Anyone who unluckily clicks on the link
Visualizza PDF in linea,
(View PDF online) will be redirected to an anomalous WEB page,which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
August 26, 2022==> Smishing Nexi
We examine below a new smishing attempt behind a fake text message from
Nexi.
The message, which we reproduce on the side, alerts the unsuspecting recipient that his
Nexi APP, appears to be associated with a device in Lugano, and then invites him to block the account if it is not authorized for use, through the proposed link:
"http://assistenzappnexipay[.]me"
At first we see that the message is misleading; in fact, the link given could mislead the user who, driven by haste, is induced, for security reasons, to click on the link to block his
Nexi account.
The purpose clearly is to lead the user to click on the link
: "http://assistenzappnexipay[.]me".
As we can see from the side image, the web page to which we are directed by the link in the text message, mimics reasonably well
Nexi's official website, mainly through the graphic devices used, that can mislead the user.
The access page for account management, however, is hosted on an anomalous address/domain that cannot be referred to
Nexi's official domain, which we report below:
assistenzappnexipay[.]me
If you enter your
Nexi account login information on this FORM, to log in to your checking account, it will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks .
August 22, 2022==> Phishing Comfort e pulizia in casa (Home comfort and cleanliness)
Below is a phishing attempt, hiding behind a fake post, that brags about the chance to win a Dyson V11 vacuum cleaner at a very tempting price...clearly it is a FRAUD!
The message, which we reproduce on the side, informs the victim, that due to a shipment confiscation of Dyson V11 vacuum cleaners destined for the
Lidl chain in Italy, the well-known appliance - that has a much higher value - is available at the incredible price of 1.95 euros.
Examining the advertisement post, we notice right away that the image depicting the discounted vacuum cleaner - intended for the Lidl chain - may be misleading as the well-known logo of the
Lidl supermarket chain was used. However, with more attention, we can see that the other products depicted are not
Lidl's usual products.
Anyone who clicks on the link will be redirected to a web page, where the payment of the small sum of Euro 1.95 is required for a chance to win the fantastic Dyson V11...
To make the message more trustworthy, at the bottom of the post there are several users' comments who apparently received their Dyson V11 - paying the small sum of Euro 1.95 - directly at home! The comments also include pictures depicting the actual receipt of the appliance.
Surely if so many users have been lucky why not try your luck? In any case, the amount required is really small....
Instead, the purpose of the cyber criminals is just to induce the user to enter his sensitive data and credit card details requested for payment!
Anyway we can see that among the various comments, some users recognize in this post a real attempt of FRAUD!
To conclude, we always urge you to be wary of advertisements/promotional messages that brag about "giving away" valuables, and avoid clicking on suspicious links which could lead to a counterfeit site, putting your most valuable data in the hands of cyber crooks for their use and profit
.
August 22, 2022 ==> SCAM Donazione (Donation)
Below is a SCAM attempt. This is a fraud attempt aimed at stealing or transferring large sums of money through false communication by the scammer.
The message informs the recipient that he has been selected as one of the lucky winners of a donation worth $100,800,000.00. The message would appear to come from Ms. "MacKenzie Scott Former wife of the CEO and founder of Amazon" , the benevolent creator of this initiative that is donating $4 billion to charities, to "provide support to people suffering economically from the COVID-19 pandemic."
He then invites the victim to write to the address listed <stv(at)kyiv(dot)npu(dot)gov(dot)ua> for more information.
Clearly, this is a scam attempt for the purpose to transfer large sums of money... the goal of cyber criminals undoubtedly remains to get hold of your data in order to use them for illegal purposes...
August 18, 2022 ==> Phishing SumUp
SUBJECT: <
L'applicazione SumUp, nuovo aggiornamento> ; <
Nuovo aggiornamento#035742>
(The SumUp application, new update); (New Update#03574)
Below is a new phishing attempt, hidden behind a false communication from
SumUp, the "POS Mobile" payments software that enables to pay using your smartphone or tablet.
On the side we can see 2 examples of phishing. In both cases, the message informs the recipient that he needs to update his contact information (E-mail and/or Mobile Number) by logging into their
SumUp's account. It then says that the update operation is not available in the mobile version, but it's necessary to use the following links (we observe that the link proposed in the second image is in German):
Il Mio Account (My ccount)
Mein Konto
At first we notice that the text of the email is very generic and thin. Furthermore, the alert email comes from an email address <hello(at)announcement(dot)deliveroo(dot)it> that is clearly not from the official
SumUp's domain.
Anyone who unluckily clicks on the link:
Il Mio Account (My ccount) or
Mein Konto will be redirected to an anomalous WEB page, which has nothing to do with the official
SumUp's site, but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
August 17, 2022 ==> Phishing Aruba "Disattivazione casella e-mail" (Mailbox deactivation)
«SUBJECT: <
Disattivazione casella e-mail per scadenza dominio. >
(Mailbox deactivation due to domain expiration)
Here is another phishing attempt, that comes as a false communication from
Aruba.
The message informs the recipient that his domain, hosted on
Aruba, will expire on
18/08/2022. If the domain is not renewed by that date, it will be deactivated togheter with all associated services - including mailboxes - so it won't be possible to send and receive messages It then invites the user to renew the domain through the following link:
https[:]//hosting[.]aгuba[.]it/rinnovare-un-dominio/modalita-di-rinnovo/rinnovo-standard[.]aspx
Clearly, the well-known web hosting, e-mail and domain registration services company
Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address <
postmaster(at)sidexpress(dot)com>, is not from
Aruba's official domain.
Anyone who unluckily clicks on the link
https[:]//hosting[.]aгuba[.]it/rinnovare-un-dominio/modalita-di-rinnovo/rinnovo-standard[.]aspx will be redirected to an anomalous WEB page,which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes
August 16, 2022 ==> SCAM - CONVOCAZIONE GIUDIZIARIA (SUMMONS)
«SUBJECT: <
Rapporto _n.1700998 del 16/08/2022/ Re: ACCUSA!>
(Report _n.1700998 of 16/08/2022/ Re: ACCUSATION!)
Below is another SCAM attempt dealing with a false child pornography complaint, that comes via email allegedly from "Mr.
LAMBERTO GIANNINI elected to the presidency of Europol, commissioner general of the State Police, head of the child protection brigade
(BPM)".
The message that comes through a very suspicious email <
gianninilamberto20(at)gmail(dot)com>, notifies the victim that a complaint has been received against him for "
activity via your Internet connection" and invites him to open the following .pdf attachment: <
MANDATO-PJ2022 1 1>. When we open the attachment, which we see below, we notice that it is set up in a graphically deceptive manner, and seems to be signed by "
Mr.
LAMBERTO GIANNINI,
Director General of the State Police." The complaint subject of the message, seems to refer to a case of child pornography, pornographic sites, cyberpornography, pedophilia, and exhibitionism uncovered following a computer seizure.
This is scam attempt by cyber criminals, whose goal is to extort a sum of money, in this case in the form of a fine. In fact, the message states the following:
"For privacy reasons we are sending you this e-mail, you are requested to email usl:
(gianninilamberto20@gmail.com), writing your reasons for them to be examined and
verified in order to assess sanctions; this within a strict deadline of 24 hours."
If the victim does not reply within 24 hours, a complaint and arrest warrant will be filed, in addition to the release of the video to the media. It is quite simple to realize that this is a false report. In fact we observe that, first of all the report is not personal, moreover the document contains a very suspicious stamp and incongruity in the reported contact emails.
Clearly, this is a scam attempt ,trying to steal sensitive user data and to extort sums of money.
August 15, 2022 ==> Phishing Texas Roadhouse
SUBJECT:<
Leave your feedback and you could WIN!>
This new phishing attempt pretends to be a communication from
TEXAS Roadhouse, an American steakehouse.
The message, in English, informs the recipient that he has been selected among the participants, in the monthly promotion, for a chance to win a Gift Card worth $100.
It then invites the user to participate, via the following link:
Click Here To Get Started
At first we notice that the text of the email is very generic and thin. Furthermore, the alert email comes from an email address <
TexasRoadhouseShopperGiftOpportunity(at)starbucksurvey(dot)za(dot)com> that is clearly not from the official
TEXAS Roadhouse's domain.
Anyone who unluckily clicks on the link
Click Here To Get Started, will be redirected to an anomalous WEB page, which has nothing to do with the official
TEXAS Roadhouse's site, but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
August 15, 2022 ==> Phishing Target Shopper
SUBJECT: <
Congratulations! You can get a $50 Target gift card!>
This new phishing attempt pretends to be a communication from
Target Shopper, a shopper marketing agency.
The message, in English, informs the recipient that he has been selected among the participants, in the monthly promotion, for a chance to win a Gift Card worth $50.
It then invites the user to participate, via the following link:
Click here to get started
At first we notice that the text of the email is very generic and thin. Furthermore, the alert email comes from an email address <
TargetOpinionRequested(at)ikeasurvey(dot)za(dot)com> that is clearly not from the official
Target Shopper's domain.
Anyone who unluckily clicks on the link
Click here to get started will be redirected to an anomalous WEB page, which has nothing to do with the official
Target Shopper's site, but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
August 10, 2022 ==> Phishing Banco Mediolanum
SUBJECT: <
Necessarie nuove misure di sicurezza.!!>
(New security measures needed.!!!)
This new phishing attempt pretends to be a communication from
Banco Mediolanum.
The message informs the recipient that, due to new security measures, if he does not update all online services linked to their
Banco Mediolanum account, they could be disabled.
It then invites the user to update his
Banco Mediolanum account, via the following link
:
https//bancamediolanum[.]it/ecm2022/?login=true
At first, we notice that the text of the email is very generic and lacks information about the account holder. Moreover, the alert email comes from an email address <
supportMediolanum(at)studiowittenau(dot)nl> that is clearly not from
Banco Mediolanum's official domain. However, the cybercrook had the graphic trick to include the well-known
Banco Mediolanum logo and some identifying data at the bottom, such as the VAT number.
Anyone who unluckily clicks on the link
https//bancamediolanum[.]it/ecm2022/?login=true will be redirected to an anomalous WEB page, which has nothing to do with the official
Banco Mediolanum's site, but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
August 09, 2022 ==> Phishing Account di posta (Email Account)
«SUBJECT:
< Email Verification Update To Avoid Shut Down >
We examine below the phishing attempt aimed at stealing the mailbox of the victim.
The message, in English, informs the recipient that it is necessary to verify his mail account, following a system update, to avoid a shutdown. It then invites the victim to confirm his data, via the following link:
View Pending Messages In Mail Saver.
Examining the email, we notice that the message comes from an email address not traceable to any email provider <
noreply(at)cpanel(dot)com>. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link
View Pending Messages In Mail Saver. will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
August 08, 2022 ==> Phishing Aruba - Dominio scaduto (Expired domain)
«SUBJECT:<
Aruba.it : Notifica nuovo messaggio ❗ >
(Aruba.it : New Message Notification)
Here is another phishing attempt that comes as a false communication from
Aruba.
The message informs the recipient that his domain, hosted on
Aruba, will expire on
09/08/2022. If the domain is not renewed by that date, it will be deactivated togheter with all associated services, - including mailboxes - so it won't be possible to send and receive messages. It then invites the user to renew the domain through the following link:
Clicca qui (Click here)
Clearly, the well-known web hosting, e-mail and domain registration services company
Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient
Examining the text of the message, we notice right away that the sender's e-mail address <
supportortsuppoemupport(at)lvpik-nrw(dot)de>, is not from
Aruba's official domain.
Anyone who unluckily clicks on the link
Clicca qui (Click here) will be redirected to an anomalous WEB page,which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes
August 05, 2022==> Phishing Aruba - Dominio scaduto (Expired domain)
«SUBJECT: <
Il dominio è scaduto, rinnovalo ora. >
(The domain has expired, renew it now.)
Here is another phishing attempt that comes as a false communication from
Aruba.
The message informs the recipient that his domain, hosted on
Aruba, will expire on
05/08/2022. If the domain is not renewed by that date, it will be deactivated togheter with all associated services, - including mailboxes - so it won't be possible to send and receive messages. It then invites the user to renew the domain through the following link:
RINNOVA ORA CON UN CLICK (RENEW NOW WITH A CLICK)
Clearly, the well-known web hosting, e-mail and domain registration services company
Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address <
support(at)robertoferretti(dot)it>, is not from
Aruba's official domain.
Anyone who unluckily clicks on the link
RINNOVA ORA CON UN CLICK (RENEW NOW WITH A CLICK), will be redirected to an anomalous WEB page,which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
August 05, 2022==> Phishing Aruba
«SUBJECT: <
Non è stato possibile recapitare il messaggio alla tua casella di posta, risolvilo >
(The message could not be delivered to your inbox, fix it)
Here is another phishing attempt that comes as a false communication from
Aruba.
The message informs the recipient that there are 2 new messages sent but not successfully delivered to his mailbox hosted on
Aruba, because "
Aruba has a new mailbox management policy." It then warns the user that it will take 48 hours for the system to retrieve the pending messages. However, if he wants to retrieve them sooner - to prevent them from being rejected - he can renew through the following link:
Accedi di nuovo qui per recuperare i messaggi (Login here again to retrieve your messages)
Clearly, the well-known web hosting, e-mail and domain registration services company
Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address <
holger(dot)reimer(at)mytng(dot)de>, is not from
Aruba's official domain.
Anyone who unluckily clicks on the link
Accedi di nuovo qui per recuperare i messaggi (Login here again to retrieve your messages), will be redirected to an anomalous WEB page. From the image below we notice that an authentication mask appears, where you are asked to enter your email and password to access your mail account.
The screen that appears is graphically deceptive in that the cyber criminal had the foresight to include the well-known Aruba logo.
At a glance we notice especially that the login page has an anomalous address/domain....
In the image we can see that the page hosting the authentication form is:
https[:]//parkapartamenty[.]pl/wp-admin/user/user[.]MyAccount[.]login[.]Aruba/Aruba...
If you enter your information on this FORM to verify/confirm it, it will be sent to a remote server and used by cyber crooks with all the associated risks easily imaginable.
August 04, 2022 ==> SCAM INTERPOL
«SUBJECT: <
CONVOCAZIONE GIUDIZIARIA>
(SUMMONS)
The following is a SCAM attempt. It is a false complaint about child pornography, sent via email, allegedly from "
Mr. Teo LUZI, Army General, Carabinieri General Commander and Head of International Police Cooperation."
The message that comes through a highly suspicious email <
teoluzi79(at)gmail(dot)com>, contains only a .pdf file called <
CONVOC-IT (1) (1)>. When we open the attachment - which we see below - we notice that it is set up in a graphically deceptive manner, and seems to be really signed by the
Gen. Teo LUZI Army Corps General. The complaint, subject of the message, allegedely refers to a case of child pornography, pornographic sites, cyberpornography, pedophilia, and exhibitionism uncovered following a computer seizure.
This is a scam attempt by cyber criminals, whose goal is to extort a sum of money, in this case in the form of a fine. In fact, the message states the following:
"Please make your voice heard by emailing us your justifications
so that they can be thoroughly investigated and verified in order to assess sanctions; this within a strict 72-hour period."
If the victim does not reply within 72 hours, a complaint and warrant will be filed, as well as a threat to release the video to the media. It is quite simple to realize that this is a false report. In fact we observe that, first of all the report is not personal, moreover the document contains a very suspicious stamp and incongruity in the reported contact emails
Clearly, this is an attempted scam aiming to steal sensitive user data and extort sums of money.
August 04, 2022 ==> Phishing Aruba CloudFlare "Rinnovo non riuscito" (Failed renewal)
«SUBJECT: <
Un documento è stato condiviso con te per motivi di lavoro tramite Aruba.it Cloudflare >
(A document was shared with you for business purposes via Aruba.it Cloudflare)
Here we find again this month the following phishing attempt, that comes as a false communication from
Aruba.
The message informs the recipient that a new document, shared through
Aruba.it CloudFlare, is available. It then invites the user to view the PDF file through the following link:
Visualizza PDF in linea (View PDF online)
Clearly, the well-known web hosting, e-mail and domain registration services company
Aruba is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address <
holger(dot)reimer(at)mytng(dot)de>, is not from
Aruba's official domain.
Anyone who unluckily clicks on the link
Visualizza PDF in linea,
(View PDF online) will be redirected to an anomalous WEB page.
From the image below, we see that you are asked to enter the password of the mailbox -subject of the scam - through an authentication mask.
The screen that appears is graphically deceptive, in that the cyber criminal had the foresight to insert images of Aruba Cloudflare.
At a glance we notice especially that the login page has an anomalous address/domain....
In the image we can see that the page hosting the authentication form is:
https[:]//ecriture-ecoute[.]fr/wp-content/webmailbeta[.]aruba[.]it/main/user/...
If you enter your data on this FORM to perform verification/confirmation of your data, the data will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks .
August 03, 2022 ==> Phishing: Spedizione in attesa (Pending shipment)
«SUBJECT:
< Re: Spedizione in attesa di conferma consegna e possibili opzioni #047-416571 > (Re: pending shipment delivery confirmation and possible options #047-416571)
Here we find again this month the phishing attempt hiding behind a false communication from the Italian Postal Service, regarding the delivery of an alleged package.
The message notifies the unsuspecting recipient that his package is awaiting delivery, and that he must confirm the delivery address within 2 days, otherwise the package will return to the sender. The tracking code <371-34632900> is given. We see that the email is graphically well laid out to make the message look more trustworthy, and is apparently from the Italian Postal Service
Poste Italiane. These messages are increasingly being used to scam consumers who, imore and more, use e-commerce for their purchases.
The message then invites the user to schedule delivery through chat bott, by clicking on the following link:
AVVIA LA CHAT (start the chat)
The alert email comes from an email address <
web(at)glesys(dot)com> that isn't from any known courier. Anyone who clicks on the link will be redirected to a web page, which graphically mimic the
Track&Trace page and alerts of 1 pending message, asking the user to open it.
We notice in the side image, however, that the url address on the broswer bar, has nothing at all to do with
Track&Trace's authentic domain:
https[:]//agretermco[.]com/?ud=YJAjlbHmRgf0J...
Then clicking on ''Confermare'' (Confirm), we are redirected to another screen warning of the pending delivery of the package, and giving a tracking code, to track the package...
Continuing on, after clicking on ''Pianifica la tua consegna'' ''Schedule your delivery'' we are presented with a new screen
The next screen gives us information on the status of the package "Stopped at the distribution hub" and asks us to choose the mode for the new delivery, at a cost of €2.
|
The subsequent screen asks us how we prefer the package to be delivered: "I want it delivered to me" or
"I will pick it up myself."
|
This is followed by 2 more questions like the previous one, where we are asked where we prefer the package to be delivered: "At home" or "At work" and when we prefer it to be delivered: "Weekdays" or "Weekends."
After selecting our preferences, we finally arrive at a new screen confirming the sending of the package, with estimated delivery in 3 days....Then you are redirected to a further page to enter your contact details and pay the €2 shipping cost.
From the image on the side we notice that our personal information is actually requested to send the package and then the payment. As you can see, the login page is hosted on an abnormal address/domain, that clearly has nothing to do with
Track&Trace...
https[:]//sitebest[.]store/c/THHFvF9?s1=102d3dfb...
The purpose of this elaborate fake email, is to induce the user to enter his personal information.
To conclude, we always urge you to be wary of any email asking for confidential data, and avoid clicking on suspicious links which could lead to a counterfeit site, difficult to distinguish from the original, thus putting your most valuable data in the hands of cyber crooks for their use and profit
A little bit of attention and glance, can save a lot of hassle and headaches..
We urge you NOT to be fooled by these types of e-mails, which, even though they use familiar and not particularly sophisticated approach techniques, if there is a resurgence, with reasonable likelihood more than a few unfortunates will be fooled.
We invite you to check the following information on Phishing techniques for more details:
06/07/2022 12:39 - Phishing: the most common credential theft attempts in July 2022....
06/06/2022 14:30 - Phishing: the most common credential theft attempts in June 2022...
02/05/2022 11:06 - Phishing: the most common credential theft attempts in May 2022..
06/04/2022 16:51 - Phishing: the most common credential theft attempts in April 2022..
08/03/2022 17:08 - Phishing: the most common credential theft attempts in March 2022
03/02/2022 16:25 - Phishing: the most common credential theft attempts in February 2022....
04/01/2022 09:13 - Phishing: the most common credential theft attempts in January 2022...
03/12/2021 15:57 - Phishing: the most common credential theft attempts in December 2021
04/11/2021 09:33 - Phishing: the most common credential theft attempts in November 2021.....
07/10/2021 14:38 - Phishing: the most common credential theft attempts in October 2021..
10/09/2021 15:58 - Phishing: the most common credential theft attempts in September 2021..
05/08/2021 18:09 - Phishing: the most common credential theft attempts in August 2021..
Try Vir.IT eXplorer Lite
If you are not yet using Vir.IT eXplorer PRO, it is advisable to install Vir.IT eXplorer Lite -FREE Edition- to supplement the antivirus in use to increase the security of your computers, PCs and SERVERS.
Vir.IT eXplorer Lite has the following special features:
- freely usable in both private and corporate environments with Engine+Signature updates without time limitation;
- interoperable with any other AntiVirus, AntiSpyware, AntiMalware or Internet Security already present on PCs and SERVERs. We recommend to use it as a supplement to the AntiVirus already in use as it does not conflict or slow down the system but allows to significantly increase security in terms of identification and remediation of infected files
- it identifies and, in many cases, even removes most of the viruses/malware actually circulating or, alternatively, allows them to be sent to the C.R.A.M. Anti-Malware Research Center for further analysis to update Vir.It eXplorer PRO;
- through the Intrusion Detection technology, also made available in the Lite version of Vir.IT eXplorer, the software is able to report any new-generation viruses/malware that have set in automatically and send the reported files to TG Soft's C.R.A.M
- proceed to download Vir.IT eXplorer Lite from the official distribution page of TG Soft's website.
VirIT Mobile Security AntiMalware ITALIAN for ALL AndroidTM Devices
VirIT Mobile Security, the Italian Anti-Malware software that protects Android™ smartphones and tablets, from Malware intrusions and other unwanted threats and empowers the user to safeguard their privacy with an advanced heuristic approach (Permission Analyzer)
TG Soft makes VirIT Mobile Security available for free by accessing the Google Play Store market (https://play.google.com/store/apps/details?id=it.tgsoft.virit) where you can download the Lite version, which can be freely used in both private and business settings
You can upgrade to the PRO version by purchasing it directly from our website: https://www.tgsoft.it/italy/ordine_step_1.asp
Acknowledgements
TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and all people who have transmitted/reported material attributable to Phishing activities to our Research Center that allowed us to make this information as complete as possible.
How to send suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware
You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
- Any suspect email can be sent directly by the recipient's e-mail, to the following mail lite@virit.com,choosing as sending mode "Forward as Attachment" and inserting in the subject section "Possible phishing page to verify" rather than "Possible Malware to verify"
- Save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as an external file to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously if you want a feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possiible / probable phishing; possible / probable malware or other).
For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page: How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.
TG Soft's C.R.A.M. (Anti-Malware Research Center)