02/12/2022
15:04

Phishing: the most common credential and/or data theft attempts in December 2022


Find out which phishing attempts you are most likely to encounter, and how to avoid them.

PHISHING INDEX

Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in December 2022:

29/12/2022 => BRT Spedizione in attesa (Pending shipment)
28/12/2022 => Carrefour
28/12/2022 => Aruba - Rinnovo automatico (Automatic renewal)
24/12/2022 => Account Posta Elettronica - (Email Account) New Order
16/12/2022 => Account Posta Elettronica (Email Account)
14/12/2022 => Leroy Merlin
10/12/2022 => SexTortion
06/12/2022 => Account Posta Elettronica (Email Account)
05/12/2022 => Smishing - Riprogramma la consegna (Reschedule delivery)
04/12/2022 => UPS - Riprogramma la consegna (Reschedule delivery)
01/12/2022 => Account Posta Elettronica (Email Account)
01/12/2022 => Q8 Buoni carburante (Fuel vouchers)
 
These emails are intended to trick the recipient into providing sensitive data, such as bank account information, credit card codes or personal login credentials, with all the easily imaginable consequences.

December 29, 2022 ==> Phishing BRT: Spedizione in attesa (Pending shipment)

SUBJECT: <Abbiamo cercato di contattarti - ****** per favore rispondi!> (We have been trying to contact you - ****** please reply!)

Here we find another phishing attempt hiding behind a false communication from the BRT service, regarding the delivery of an alleged package.

The message notifies the unsuspecting recipient that his package could not be delivered because there was no one to sign for the delivery. An alleged delivery code <34632900-371> is also reported. We notice that the email is graphically well laid out to make the message, which would appear to be from BRT, more trustworthy. These messages are increasingly used to scam consumers who, more and more, use e-commerce for their purchases.
The message then invites the user to confirm the delivery address, in order to reschedule the shipment, by clicking on the following link:

CONTROLLA QUI (CHECK HERE)
The alert email comes from an email address <SERVICE.=R/!JIQHEPVSBK!/(at)compdes(dot)pro> that is clearly not from BRT's domain. Anyone who clicks on the link will be redirected to a web page that graphically simulates the BRT page and warns about 1 message to open.
We notice, however, in the side image, that the URL in the browser address bar has nothing at all to do with BRT's authentic domain:
https[:]//deicitborders[.]com/42197...

Then, when we click on ''Conferma'' (Confirm), we are bounced to another screen, where we are notified that the package delivery is pending, and a supposed tracking code is given to reschedule the package delivery...
Moving on, after clicking on ''Pianifica la consegna'' (Schedule delivery), we are presented with a new screen.
The subsequent screen gives us information on the status of the package, "Stopped at the distribution hub", and prompts us to choose how to arrange the new delivery, at a cost of €1.95.
The next screen asks us how we prefer the package to be delivered: "I wish them to deliver it to me" or "I will pick it up in person."

This is followed by 2 more questions like the previous one, asking where we prefer the package to be delivered: "At home" or "At work" and when we prefer it to be delivered: "Weekdays" or "Weekends."
 
After selecting our preferences, we finally arrive at a new screen that confirms that the package has been sent, with estimated delivery in 3 days... At this point you should be sent to a further page to enter your contact details and pay the shipping cost of €1.95.

From the side image we notice that your personal information is requested to send the package and then for payment. As you can see, the login page is hosted on an abnormal address/domain that clearly has nothing to do with BRT...

https[:]//thebigsavings[.]net//c/UcyZ1JW?s1=102da4d0eff74cf2fc4b85...

The purpose of all this is to induce the user to enter his/her personal data.
To conclude, we always urge you to be wary of any email asking for confidential data, and avoid clicking on suspicious links which could lead to a counterfeit site, difficult to distinguish from the original, putting your most valuable data in the hands of cyber crooks for their use and profit.


December 28, 2022 ==> Phishing Carrefour

SUBJECT: <Carrefour : Ricevere un iPhone 14 Pro GRATIS...> (Carrefour : Receive an iPhone 14 Pro for FREE)

This new phishing attempt pretends to be a communication from Carrefour, the French hypermarket chain.

The message informs the unsuspecting recipient of a chance to win a fantastic iPhone 14 PRO. In fact, he has been selected among the customers, for the chance to win the fantastic prize.
It then invites the user to participate, via the following link:

CONFERMA ORA   (CONFIRM NOW)

First, we note that the alert email comes from an email address <el_kassmi(dot)lat(dot)fst(at)uhp(dot)ac(dot)ma> that is clearly not from Carrefour's official domain.

Anyone who unluckily clicks on the link CONFERMA ORA (CONFIRM NOW) will be redirected to an anomalous WEB page.

The screen that appears asks you to enter your e-mail address to be registered, and thus be eligible for the prize drawing.

In the image you can see that the page hosting the authentication form has an abnormal address/domain:

https[:]//endurespiritsi[.]com/0/0/0/u378aead097d2bae...
 
If you enter your data on this FORM, they will be sent to a remote server, and used by cyber crooks, with all the associated risks easily imaginable.
 



December 28, 2022 ==> Phishing Aruba - Rinnovo automatico (Automatic renewal)

«SUBJECT: < [A‎r‎u‎b‎a‎.i‎t] Rinnovo automatico dei tuoi servizi > ([Aruba.it] Automatic renewal of your services)

Here is another phishing attempt that is a fake communication from Aruba.

The message informs the recipient that an error occurred during the automatic renewal of his domain hosted on Aruba, so it is necessary to check his banking information. It then invites the user to fill in the payment information, through the form available at the following link:

ACCEDETE AL VOSTRO MODULO DI PAGAMENTO (LOGIN TO YOUR PAYMENT FORM)


Clearly, the well-known web hosting, e-mail and domain registration services company Aruba is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.

Examining the text of the message, we notice right away that the sender's e-mail address <team(at)madsnailtravel(dot)com> is not from Aruba's official domain.

Anyone who unluckily clicks on the link ACCEDETE AL VOSTRO MODULO DI PAGAMENTO (LOGIN TO YOUR PAYMENT FORM) will be redirected to an anomalous WEB page, which has nothing to do with the official site of Aruba and which has already been reported as a DECEPTIVE PAGE/WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data in order to use them for criminal purposes.





December 24, 2022 ==> Phishing Account Posta Elettronica (Email Account)

SUBJECT: <New Order>

We examine below the phishing attempt that aims to steal the credentials of the victim's e-mail account.

The message, in English, informs the recipient that it is necessary to confirm the attached order, as shown in the file named "P.O06576[.]html".

Examining the email, we observe that the message comes from a highly suspicious email address <zhonghua(dot)hu(at)peraglobal(dot)com> that isn't traceable to the signer of the email. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link P.O06576[.]html will be redirected to an anomalous WEB page which, as you can see from the side image, has nothing to do with the e-mail account manager.
The page to which you are redirected, to enter your mail account credentials, is shown at an anomalous address, which we report below. Note that it is a local file:// path: the attached HTML file is opened from a temporary folder on the recipient's own PC, not from a website.

file[:]///C[:]/Users/*****/AppData/Local/Temp/pid-17256/P.O06576-1[.]html

We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks, with all the associated easily imaginable risks.

December 16, 2022 ==> Phishing Account Posta Elettronica (Email Account)

SUBJECT: <Email Security Upgrade>

We examine below the phishing attempt that aims to steal the credentials of the victim's e-mail account.

The message, in English, informs the recipient that all incoming messages to his inbox will be suspended as of December 19, 2022. It then invites him to update his account on the new platform, for security reasons, through the following link:

UPGRADE ACCOUNT

Examining the e-mail, we observe that the message seems to come from the victim's own e-mail account (in this case a fake mailbox simulating the recipient's one). This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link UPGRADE ACCOUNT will be redirected to an anomalous WEB page which, as you can see from the image on the side, has nothing to do with the e-mail account manager.
The page you are redirected to, in order to enter your mail account credentials, is hosted on an abnormal address/domain, which we show below:

https[:]//secizle[.]com/Tfdn--htuxkpIjk--lwqBMIF/....

We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks, with all the associated easily imaginable risks.


December 14, 2022 ==> Phishing Leroy Merlin

SUBJECT: < 2 tentativo per *** > (2 attempt for ***)

Below is a phishing attempt, hiding behind a false communication from Leroy Merlin, that brags about a chance to win a Makita Power Drill.

The message, which we reproduce on the side, is graphically well laid out, and looks just like a Christmas offer from DIY company Leroy Merlin, giving a chance to win one of their products by participating in a survey.

"You have been chosen to participate in our Loyalty Program for FREE! It will only take you a minute to win this fantastic prize"

Examining the email, we notice that the message comes from an email address not traceable to Leroy Merlin's email domain <snh*td-td*eacdb1ca(at)servfor(dot)click>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who clicks on the link INIZIARE (START) will be redirected to a web page, where they will be asked to participate in a short survey to win the prize: a cool Makita Power Drill...

The following are the screens with the 5 questions you are asked to answer to win the prize.

[Screenshots of Question 1, Question 2, Question 3 and Question 4 of the fake Leroy Merlin survey]

The last question asks the sex of the participant: "Male" or "Female."
At the completion of the survey, we finally arrive at a new screen, confirming our winning of the Makita Power Drill - with estimated delivery in 5-7 business days - and giving instructions on how to claim the prize....

Then you should be redirected to a further page to enter your shipping address and pay shipping charges.

Surely if so many users have been lucky why not try your luck? In any case, the amount required is really small....
Instead, the aim of the cyber criminals is precisely to induce the user to enter his sensitive data and credit card details, that are requested for payment!
The page to which you are redirected, to enter your personal data, is hosted on an anomalous address/domain, which we report below:

https[:]//findings-365[.]net/c/RcrIvRr?s1=102e97d741e837857237....

To conclude, we always urge you to be wary of advertisements/promotional messages that brag about "giving away" valuables, and avoid clicking on suspicious links which could lead to a counterfeit site, putting your most valuable data in the hands of cyber crooks for their use and profit.



December 10, 2022 ==> SexTortion: "Your personal data has leaked..."

This month we again find the SexTortion-themed SCAM campaign. The e-mail seems to suggest that the scammer gained access to the victim's device, which he used to collect data and personal videos. He then blackmails the user by demanding payment of a sum of money in Bitcoin in exchange for not sharing, among the victim's email and social contacts, a private video of him watching adult sites.

The following is an extract from the text, in English, of the email on the side:

"I am a professional hacker and have successfully managed to hack your operating system. Currently I have gained full access to your account. In addition, I was secretely monitoring all your activities and watching you for several months. the thing is your computer was infected with harmful spyware due to the fact that you have visited a website with porn content previously. Let me explain to you what it entails. Thanks to trojan viruses, I can gain complete access to your computer or any other device that you own. It means that I can see absolutely everything in your screen and switch on the camera as well as microphone at any point of time without your permission.
In addition, I can also access and see your confidential information as well as your emails and chat messages. You may be wondering why your antivirus cannot detect my malicious software. Let me break it down for you: I am using harmful software that is driver based, which refreshes its signatures on 4-hourly basis, hence your antivirus is unable to detect it presence. I have made a video compilation...All I need is just to share this video to all email addresses and messenger contacts of people you are in communication with on your device or PC. Furthermore, i can also make public all your emails and chat history."


At this point you are asked to send 850 USD in Bitcoin to the wallet listed below: "1JvXXXXXXXXXXXXXXXXXXXXXXn6y". After receiving the transaction all data will be deleted; otherwise a video depicting the user will be sent to all colleagues, friends and relatives. The victim has 50 hours to make the payment!

Examining the payments made on the wallet indicated by the cyber criminal as of 12/12/2022, we see that there are 2 transactions totaling $763.20.

In such cases we always urge you:
  1. not to answer these kinds of e-mails, not to open attachments or click on unsafe links, and certainly NOT to send any money. You can safely ignore or delete them.
  2. If the criminal reports an actual password used by the user - the technique is to exploit passwords from public leaks (compromised data theft) of official sites that have occurred in the past (e.g., LinkedIn, Yahoo, etc.) - it is advisable to change it and enable two-factor authentication on that service.

December 06, 2022 ==> Phishing Posta Elettronica (Email Account)

SUBJECT: <Contract Document>
We examine below the phishing attempt, that aims to steal the victim's e-mail account credentials.

The message, in English, informs the recipient that a shared document has been sent via OneDrive - Microsoft's cloud service - and therefore invites him to download the file containing the new contract documents, via the following link:

Review Document

Examining the email, we notice that the message comes from an email address not traceable to the email signer (some David James) <en_notification(at)made-in-china(dot)com>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link Review Document will be redirected to an anomalous WEB page, which, as you can see from the image on the side, has nothing to do with the e-mail account manager.
The page to which you are redirected, to enter your mail account credentials, is hosted on an abnormal address/domain, which we show below:

https[:]//jx55dmnhybrjb4qpu2hbi5pdfguybpeu6nk6lhrwve....

We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks, with all the associated easily imaginable risks.

December 05, 2022 ==> Smishing: Riprogramma la consegna (Reschedule delivery)

Here we find again the text message scam attempt, hiding behind a false communication regarding the delivery of an alleged package.

The message informs the unsuspecting recipient that his package, whose order number <910029334> is also given, could not be delivered. The reason for non-delivery <there was no one home> is specified, and it is therefore necessary to reschedule the delivery via the following link:

ujebuj[.]info/xnE8vPK


Anyone who clicks on the link will be redirected to a web page, from which they can reschedule delivery of the supposedly outstanding package:

"You have (1) package waiting for delivery. Use your code to track and receive it"

The tracking code to be used is then indicated. We notice, however, in the side image, that the URL in the browser address bar is very suspicious:

trackpack[.]qpqclub[.]com
 
Moving on, after clicking on ''Traccia il tuo articolo'' (Track your article), we are presented with a new screen.

From the image below, we are notified that the delivery of the package is pending due to non-payment of shipping costs of Euro 1.95.
The next screen asks us how we prefer the package to be delivered: "I want it delivered to me" or "I will pick it up myself."
This is followed by 2 more screens like the previous one, asking where we prefer the package to be delivered: "At home" or "At work" and when we prefer it to be delivered: "Weekdays" or "Weekends".
 
After selecting our preferences, we finally arrive at a new screen, confirming that the package has been sent, with estimated delivery by 08/12/2022... At this point, clicking on ''Inserisci le informazioni per la consegna'' (Enter your delivery information), you are redirected to an additional page to enter your contact information and pay the shipping charge of €1.95.

From the side image, we see that our personal information is requested to send the package and then for payment. As you can see, the login page is hosted on an anomalous address/domain, different from the previous one, that clearly has nothing to do with any courier...

worldyproducts4you[.]com

The purpose of this is to induce the user to enter his personal information. To make the message more credible, positive comments are also shown from other users, who appear to have received their package...

To conclude, we always urge you to be wary of any email asking for confidential data, and avoid clicking on suspicious links which could lead to a counterfeit site, difficult to distinguish from the original, putting your most valuable data in the hands of cyber crooks for their use and profit.




December 04, 2022 ==> Phishing UPS: Riprogramma la spedizione (Reschedule delivery)

SUBJECT: <*** Numero di riferimento: 1Z78A1186857294714> (*** Reference number)

Below is a new phishing attempt of this month, hiding behind a false communication from UPS service regarding the delivery of an alleged package.

The message notifies the unsuspecting recipient that his package, whose reference number <1Z78A1186857294714> is also given, could not be delivered because no one was present for pickup. It then informs him that it is possible to reschedule the delivery at an additional cost of Euro 2.99 for postage. We see that the email is graphically well laid out. In fact, to make the message seem more trustworthy, the UPS logo has been introduced. These messages are increasingly being used to scam consumers who, more and more, use e-commerce for their purchases.
The message then invites the user to pay the customs clearance fee of Euro 2.99 to reschedule the delivery, by clicking on the following link:

Reindirizzare   (Redirect)

The alert email comes from an email address that can be misleading, as the domain mimics UPS's official domain <courier24(at)ups(dot)it>. However, it does not refer to the real sender.
Anyone who clicks on the link will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE PAGE/WEBSITE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data in order to use them for criminal purposes.
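
The two checks applied throughout this page (sender domain and link domain against the impersonated brand), plus the UPS case above where the visible sender domain looks legitimate, can be automated as follows. This is an added example, not TG Soft's code; the brand allow-list, the shortened sender local part, the `Authentication-Results` headers and the `redirect[.]example` / `mx.recipient.example` hosts are constructed assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: domains the defender accepts for each impersonated brand.
BRAND_DOMAINS = {"BRT": {"brt.it"}, "UPS": {"ups.com", "ups.it"}}

def refang(text):
    """Undo the defanging used in reports: [.] [:] (at) (dot)."""
    for fake, real in (("[:]", ":"), ("[.]", "."), ("(at)", "@"), ("(dot)", ".")):
        text = text.replace(fake, real)
    return text

def in_brand(host, brand):
    """True if host is a brand domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS[brand])

def auth_verdicts(msg):
    """SPF/DKIM/DMARC verdicts from Authentication-Results (RFC 8601).
    Only trustworthy when the header was stamped by your own mail server."""
    header = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))

def triage(raw, brand):
    """Return a list of findings for a message that claims to come from brand."""
    msg = message_from_string(refang(raw))
    findings = []
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2]
    if not in_brand(sender_domain, brand):
        findings.append(f"from-domain-mismatch:{sender_domain}")
    else:
        # The From header is chosen by the sender, so a matching domain
        # proves nothing unless the receiving server authenticated it.
        dmarc = auth_verdicts(msg).get("dmarc", "none")
        if dmarc != "pass":
            findings.append(f"from-domain-spoofed:dmarc={dmarc}")
    for url in re.findall(r"https?://[^\s<>\"']+", msg.get_payload()):
        host = urlsplit(url).hostname or ""
        if not in_brand(host, brand):
            findings.append(f"link-host-mismatch:{host}")
    return findings

# Constructed samples. Domains for BRT and the UPS sender come from this page;
# the local part "service" and everything else is made up for the example.
BRT_SAMPLE = "\n".join([
    "From: BRT <service(at)compdes(dot)pro>",
    "Subject: Abbiamo cercato di contattarti",
    "",
    "CONTROLLA QUI https[:]//deicitborders[.]com/",
])
UPS_SAMPLE = "\n".join([
    "From: UPS <courier24(at)ups(dot)it>",
    "Authentication-Results: mx.recipient.example; spf=fail; dkim=none;"
    " dmarc=fail header.from=ups.it",
    "",
    "Reindirizzare https[:]//redirect[.]example/",
])
LEGIT_SAMPLE = "\n".join([
    "From: UPS <notify(at)ups(dot)com>",
    "Authentication-Results: mx.recipient.example; spf=pass; dkim=pass;"
    " dmarc=pass header.from=ups.com",
    "",
    "Track: https[:]//www[.]ups[.]com/track",
])

if __name__ == "__main__":
    for name, raw, brand in (("BRT", BRT_SAMPLE, "BRT"),
                             ("UPS spoofed", UPS_SAMPLE, "UPS"),
                             ("UPS legit", LEGIT_SAMPLE, "UPS")):
        print(name, triage(raw, brand))
```

A sender domain that matches the brand is only accepted when the receiving server recorded `dmarc=pass`; a missing header is treated the same as a failure.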



December 01, 2022 ==> Phishing Posta Elettronica (Email)

SUBJECT: <Errore di consegna della posta in arrivo> (Incoming mail delivery error)

We examine below the phishing attempt that aims to steal the credentials of the victim's e-mail account.

The message informs the recipient that the messages arriving in the previous 48 hours have been blocked due to an error encountered by the IMAP/POP delivery server. For this reason 14 new messages are reported to be blocked. It then invites the unfortunate recipient to unblock the pending messages through the following link:

Cancella questo errore (Delete this error)

Examining the email, we observe that the message comes from an email address not attributable to any email provider <mailer-daemon(at)pec(dot)it>. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the link Cancella questo errore (Delete this error) will be redirected to an anomalous WEB page which, as you can see from the side image, has nothing to do with the e-mail account manager.
The page to which you are redirected is hosted on an anomalous address/domain, which we report below:

https[:]//2zpyosrpzi5mkb26tnuujn3so4iwrxg5spw2....

We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks, with all the associated risks easily imaginable.


December 01, 2022 ==> Phishing Q8

SUBJECT: <Sfida il caro benzina la sorte: puoi vincere 200€> (Challenge high Gasoline prices and luck: you can win €200)

This new phishing attempt pretends to be a communication from Q8.

The message is very impactful, as it concerns a very current issue that weighs heavily on the pockets of all Italians: the rising fuel prices. "Sfida il caro benzina e la sorte" (Challenge high gasoline prices and luck: you can win €200).
The message leverages the chance to win a fuel voucher worth €200, by entering the lucky draw, via the following link:

PARTECIPA ORA (JOIN NOW)

First, we notice that the alert email comes from an email address <news(at)news.(dot)all29con99(dot)com>, clearly not from Q8's official domain.

Anyone who unluckily clicks on the link PARTECIPA ORA (JOIN NOW) will be redirected to an anomalous WEB page.

The screen that appears is graphically deceptive, as the cyber criminal had the foresight to include the well-known Q8 logo.
To participate in the drawing for the lucky win of €200 worth of Fuel Vouchers, we are asked for our personal data, such as First Name, Last Name, e-mail address and cell phone number...
To make the message more trustworthy, several comments from users -  who would like to participate or who have already participated in the fuel voucher draw - have been posted at the bottom.

In the image you can see that the page hosting the authentication form has an abnormal address/domain:

https[:]//wwwy[.]rispondievinci[.]com/vinci-buono-benzina-11-2022...
 
If you enter your data on this FORM, they will be sent to a remote server and used by cyber crooks, with all the associated easily imaginable risks.


A little attention and a careful glance can save a lot of hassle and headaches...

We urge you NOT to be fooled by these types of e-mails: even though they use familiar and not particularly sophisticated techniques, whenever there is a resurgence it is reasonably likely that more than a few unfortunate recipients will be fooled.
 
We invite you to check the following information on Phishing techniques for more details:

04/11/2022 17:27 - Phishing: the most common credential theft attempts in November 2022...
05/10/2022 11:55 - Phishing: the most common credential theft attempts in October 2022...
06/09/2022 15:58 - Phishing: the most common credential theft attempts in September 2022...
04/08/2022 16:39 - Phishing: the most common credential theft attempts in August 2022..
06/07/2022 12:39 - Phishing: the most common credential theft attempts in July 2022.
06/06/2022 14:30 - Phishing: the most common credential theft attempts in June 2022...
02/05/2022 11:06 - Phishing: the most common credential theft attempts in May 2022...
06/04/2022 16:51 - Phishing: the most common credential theft attempts in April 2022...
08/03/2022 17:08 - Phishing: the most common credential theft attempts in March 2022...
03/02/2022 16:25 - Phishing: the most common credential theft attempts in February 2022...
04/01/2022 09:13 - Phishing: the most common credential theft attempts in January 2022...
03/12/2021 15:57 - Phishing: the most common credential theft attempts in December 2021..


Acknowledgements

TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and all people who have transmitted/reported material attributable to Phishing activities to our Research Center that allowed us to make this information as complete as possible.



How to send suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware

You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
  1. Any suspect email can be sent directly from the recipient's e-mail program to the following address, lite@virit.com, choosing "Forward as Attachment" as the sending mode and inserting in the subject line "Possible phishing page to verify" rather than "Possible Malware to verify";
  2. Save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as a file outside the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously, if you want feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possible / probable phishing; possible / probable malware or other).
For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page: How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.

TG Soft's C.R.A.M. (Anti-Malware Research Center)
Any information published on our site may be used and published on other websites, blogs, forums, facebook and/or in any other form both in paper and electronic form as long as the source is always and in any case cited explicitly “Source: CRAM by TG Soft www.tgsoft.it” with a clickable link to the original information and / or web page from which textual content, ideas and / or images have been extrapolated.
It will be appreciated in case of use of the information of C.R.A.M. by TG Soft www.tgsoft.it in the report of summary articles the following acknowledgment/thanks “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”
