PHISHING INDEX
Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in
May 2023:
31/05/2023 =>
Coinbase
24-25/05/2023 =>
Account di Posta Elettronica (Email account)
25/05/2023 =>
SexTortion
24/05/2023 =>
Aruba - Dominio scaduto (Expired domain)
22/05/2023 =>
Europages
22/05/2023 =>
Webmail
22/05/2023 =>
TISCALI
22/05/2023 =>
Aruba - PEC Webmail
18/05/2023 =>
Online Banking
15/05/2023 =>
Aruba - Disattivazione casella (Mailbox deactivation)
15/05/2023 =>
Facebook Policy
09/05/2023 =>
Aruba - Conferma il rinnovo (Renewal confirmation)
09/05/2023 =>
Tinder
08/05/2023 =>
TISCALI
06/05/2023 =>
Mooney
06/05/2023 =>
Istituto Bancario (Bank)
04/05/2023 =>
Mooney
04/05/2023 =>
Account Posta Elettronica (Email account)
01/05/2023 =>
Tinder
01/05/2023 =>
Aruba - Dominio scaduto (Expired domain)
These emails are intended to trick some unfortunate person into providing sensitive data - such as bank account information, credit card codes or personal login credentials - with all the possible easily imaginable consequences .
May 31, 2023 ==> Phishing Coinbase
SUBJECT: <
New device!>
Let's examine below a new phishing attempt aimed to steal the login credentials of the victim's cryptocurrency wallet, from San Francisco-based company
Coinbase.
Coinbase is an online platform used to buy, sell, transfer and store cryptocurrency, established in 2012 in San Francisco, California.
The message, in English, which we examine below, informs the recipient that abnormal access has been detected from his
Coinbase's account. The location and date of access is given (generically "Today"). It then invites him to confirm access to his account, or to remove the application immediately if he has not allowed access, via the following link:
coinbase[.]com/secure-wallet
Examining the email we notice that the message comes from a highly suspicious email address, which does not seem traceable to the official
Coinbase's domain <
admin(at)sademcicekcikolata(dot)com>. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link coinbase.com/secure-wallet, will be redirected to an anomalous WEB page, which has nothing to do with the official Coinbase's website, but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
May 24-252023==> Phishing Email account
The following are 2 phishing attempts aimed to steal the credentials of the victim's mailbox.
EXAMPLE 1
< Error 500: Undelivered Emails Found On Server>
EXAMPLE 2
«New Email Upgrade»
In the first example, in English, the message informs the recipient that due to an e-mail server error, there are 10 undelivered messages. It then invites him to resolve the indicated error by following the instructions provided; once the problem is resolved, the suspended messages will be available in the inbox within 20 minutes. The link to proceed with the error remediation is then given:
Clear Error code
In the second circumstance, on the other hand, he is informed that an upgrade of the mail system is available, and he can get all the new features available by performing it. The new features are listed and some of them are: increased upload speed; updated AntiVirus Software; integrated Webmail/Mobile chat... Therefore, it invites the recipient to click the following link to upgrade for a better user experience:
Upgrade Account
In the first example the message text is contained in an image linkable to a counterfeit site already flagged as a DECEIVING site.... Both messages come from the same e-mail address that does not appear to be referable to any e-mail provider <
no-reply(at)centroaccessori(dot)eu>. This is definitely anomalous and should, at the very least, make us suspicious.
Very often these messages are poorly written emails that contain spelling errors or renewal requests for services that are not expiring, or updates required to continue using the service, as they leverage urgency to get the user to click.
It's also important to examine the links or attachments that these messages contain, which usually redirect to a counterfeit website asking to enter your personal information (such as account username and password, or credit card number to make account renewals). If these data are entered, will be used by cyber criminals for criminal purposes.
May 25, 2023 ==> SexTortion
The SexTortion-themed SCAM campaign persists. The e-mail suggests that the scammer gained access to the victim's device, which he used to collect data and personal videos. He then blackmailed the user by demanding payment of a sum of money, in the form of Bitcoin, not to divulge among his email and social contacts a private video of him viewing adult sites.
The following is an extract from the text of the email on the side:

" I am a hacker who has access to your operating system. I also have full access to your account. I 've been watching you for a few months now.The fact is that you were infected with malware through an adult site that you visited. If you are not familiar with this, I'll explain. Trojan Virus give me full access and control over a computer or other device. This means that I can see everything on your screen, turn on the camera and microphone, but you do not know about it. I also have an access to all your contacts and all your correspondence. Why your antivirus did not detect malware? Answer: my malware uses the driver, I update its signatures every 4 hours so that your antivirus is silent. I made a video showing how you satisfy yourself in the left side of the screen, and in the right half you see the video that you watched. with one click of the mouse I can send this video to all your emails and contacts on social networks. I can also post access to all your email correspondence and messengers that you use"
At this point you are asked to send 1300 USD in Bitcoin to the wallet listed below: "
bc1XXXXXXXXXXXXXXXXXXXXXX3fv'. After receiving the transaction all data will be deleted, otherwise a video depicting the user, will be sent to all colleagues, friends and relatives. The victim has 50 hours to make the payment!
Examining the payments made on the wallets that were examined this month as of
5/31/2023, the following movements result:
wallet:
"bc1XXXXXXXXXXXXXXXXXXXXXX3fv' => 0 transactions
wallet:
"18PXXXXXXXXXXXXXXXXXXXXXXXz9H '=> 0 transactions
In such cases we always urge you:
- not to answer these kinds of e-mails and not to open attachments or click lines containing unsafe links, and certainly NOT to send any money. You can safely ignore or delete them.
- If the criminal reports an actual password used by the user - the technique is to exploit passwords from public Leaks (compromised data theft) of official sites that have occurred in the past (e.g., LinkedIn, Yahoo, etc.) - it is advisable to change it and enable two-factor authentication on that service.
May 22, 2023==> Phishing EuroPages
«SUBJECT: <Felix Dietrich: Ti ha inviato un messaggio di richiesta del prodotto> (Felix Dietrich: He sent you a product request message)
We find the following phishing attempt, that appears to come from a fake communication from
EuroPages, and is aimed to steal the login credentials of the victim's account.
The message appears to come from
EuroPages, the largest international B2B sourcing platform, and notifies the user that a message has arrived regarding his product listed on EuroPages from a certain "Felix Dietrich." It then invites the user to log into his account, to view the request message, via the following link:
ACCEDI AL MIO ACCOUNT (LOGIN TO MY ACCOUNT)
Examining the email we notice that the message comes from an email address not referable to the official
EuroPages domain
<a(dot)papoff(at)gonutscommunication(dot)it>. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link
ACCEDI AL MIO ACCOUNT (LOGIN TO MY ACCOUNT) will be redirected to an anomalous WEB page.
From the side image, the web page seems more referable to the Aruba page. The well-known logo is also shown, and you are requested to log in to your account to confirm your identity and be sent back to the EuroPages site to view the request message about your product.
At a glance, however, we notice that the login page is hosted on an anomalous address/domain...
https[:]//2017[.]psychedelicscience[.]org/modules/webmailbeta[.]aruba[.]it/confirm_your_identity[.]aruba[.]it....
By entering our data on this FORM to verify them, they will be sent to a remote server and used by cyber-crooks with all the related easily imaginable risks .
May 22, 2023 ==> Phishing Webmail
SUBJECT: <
ERRORS DETECTED ON YOUR WEBMAIL ACCOUNT.>
We examine below the phishing attempt that aims to steal the credentials of the victim's e-mail account.
The message, in English, informs the recipient that his mailbox will be deactivated, by
24/05/2023 due to unresolved errors. It then invites him to resolve the account errors in order to continue using his account, through the following link:
RESOLVE ERRORS NOW
Examining the email, we notice that the message comes from an email address that does not seem traceable to the server hosting the mailbox <
marijana(at)tr-kircek(dot)hr>.
This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link
RESOLVE ERRORS NOW will be redirected to an anomalous WEB page which, as you can see from the side image, has nothing to do with the e-mail account manager.
The page to which you are redirected, to enter your mail account credentials, is hosted on an anomalous address/domain, that we report below:
https[:]//ipfs[.]io/ipfs/bafkreig5tohfqms2bpph6agk33....
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks, with all the associated easily imaginable risks.
May 22, 2023==> Phishing Aruba - PEC Webmail
SUBJECT: <
Scadenza password>
(Password expiration)
Here we find another phishing attempt coming from a false communication from
Aruba.
The message informs the recipient that the password of his e-mail account hosted on
Aruba is expiring in 24 hours, on
22/05/2023. It then informs him that he will have to renew his password in order to continue using it and avoid the deletion of the account and thus the deactivation of all services associated with it.
It then invites the user to log in to renew the password, through the following link:
conferma password (password confirmation)
Clearly, the well-known web hosting, e-mail and domain registration services company, Aruba is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address, which would appear to come from a PEC <
Pec WebMail: communications(at)staff(dot)aruba(dot)it>, does not come from
Aruba's official domain.
Anyone who unluckily clicks on the link
conferma password (password confirmation) will be diverted to an anomalous WEB page, which as you can see from the side image, is graphically well laid out.
We notice, however, that you are redirected to a page hosted on an anomalous address/domain, which has nothing to do with
Aruba and which we show below:
https[:]//srv191119[.]hoster-test[.]ru/wbesteraruba/der/index...
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks .
May 18, 2023 ==> Phishing Online Banking
SUBJECT: <
You've just received a transfer>
This month we examine the following phishing attempt that notifies of a money transfer to the victim.
The message informs the recipient that he has received a cash transfer of $28,790. It then invites him to log in by clicking the following link:
LOG IN
Examining the text of the message, we notice right away that the sender's e-mail address <ucqqvtz(at)shooper(dot)co> is not reliable.
Anyone who unluckily clicks on the link
LOG IN will be redirected to an anomalous WEB page, which as you can see from the side image, is graphically well laid out and detailed. In fact you can see the sender "
Bank of America N.A." the final account number and a receipt for the payment.
We notice, however, that you are redirected to a page hosted on an anomalous address/domain, which we report below:
https[:]//online-com[.]github[.]io/eu/notifications[.]html
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks, with all the associated easily imaginable risks .
15 Maggio 2023 ==> Phishing Facebook Policy
SUBJECT: <
Action Required: Verify Your Business Ownership on Facebook>
This month we examine a new phishing attempt that comes from a fake communication, apparently coming from
Meta.
The message, in English, informs the recipient that there has been a recent change in Policy requiring the
"validation of business account ownership associated with our platform (Facebook). This step has been implemented to ensure adherence to our standards and safeguard the integrity of our services. As a valued member of our network, we kindly urge you to verify your business ownership via the designated button in our Business Help Center." By proceeding to validate the account within
17/05/2023, the account holder will be able to continue to operate without any interruption or limitation to the use of his corporate account. It then invites the user to proceed with validation through the following link:
REQUEST A REVIEW
Clearly, the well-known U.S. company Meta is a unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address<
emailtosalesforce(at)u-28u1uxwh7xnxdcnx869ckj01c6zqmu74nqbky1k3o7auhd5qv7(dot)8d-avyobead(dot)um8(dot)le(dot)salesforce(dot)com> does not come from the official
Meta's domain and is highly anomalous.
Anyone who unluckily clicks on the link
REQUEST A REVIEW will be diverted to an anomalous WEB page, which has nothing to do with the official site, but has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
May 09, 2023 ==> Phishing Aruba - Renewal confirmation
SUBJECT: <
PROMEMORIA: Dominio **** con account di posta in scadenza>
(REMINDER: **** domain with expiring mail account)
Here we find another phishing attempt that comes again from a false communication by
Aruba.
The message informs the recipient that his domain, hosted on
Aruba, linked to his e-mail account, has expired on
09/05/2023 and that the automatic renewal service has been deactivated. It then warns him that he will have to renew his services manually to avoid the cancellation of his account, and thus the deactivation of all the services associated with it, including the mailboxes. Therefore he will no longer be able to receive and send messages. It then invites the user to log in to renew services, through the following link:
Effettua il tuo pagamento (Make your payment)
Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address
<gianluca(dot)gabba(at)ggs-rappresentanze(dot)it> does not come from the official domain of
Aruba.
Anyone who unluckily clicks on the link
Effettua il tuo pagamento (Make your payment) will be redirected to an anomalous WEB page, which has nothing to do with the official
Aruba's website, but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
08 - 22 Maggio 2023 ==> Phishing TISCALI
Below we report 2 phishing attempts that appear to come from a false communication from
TISCALI.
EXAMPLE 1
< Deactivation ****@tiscalinet.it >
EXAMPLE 2
«Avviso di disattivazione ***@tiscalinet.it»(Deactivation notice)
In the 2 examples above, which are very similar, the message informs the recipient that his domain hosted on TISCALI linked to his e-mail account, has expired. It then warns him that he can neither receive nor send messages until he reactivates his email. It then invites the user to reactivate his mailbox, in the specified time, otherwise all messages will be deleted.
The goal, in both cases, is to get the user to click on the link indicated in the email:
RIATTIVARE ORA (REACTIVATE NOW)
This time the phishing campaigns simulate a communication that appears to come FROM TISCALI, which is clearly unrelated to the mass sending of these emails, that are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining both emails, the Company Logo was included to further mislead the user, but we note that the sender's email address isn't referable to the official
TISCALI's domain: <
milantns(at)sbb(dot)rs>. Let's always use caution before clicking on suspicious links.
Very often these messages are poorly written emails that contain spelling errors or renewal requests for services that are not expiring, or for security updates, as they leverage urgency to get the user to click.
Anyone who unluckily clicks on the link
RIATTIVA ORA (REACTIVATE NOW) will be redirected to an anomalous WEB page, which as you can see from the side image, is graphically well set up and could fool an inexperienced user.
We notice, however, that the page you are redirected to, for the entry of your mail account credentials, is hosted on an anomalous address/domain, which we report below:
https[:]//webmail-mail-tiscali-it[.]weebly[.]com/#email****
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks .
May 06, 2023 ==> Phishing Istituto Bancario (Bank)
SUBJECT: <
Nuovo aggiornamento - Attiva il nuovo sistema di sicurezza>
(New update - Activate the new security system)
We find again this month the phishing campaign, spread through an e-mail exploiting graphics stolen from, or similar to those of a well-known national banking institution. This way it tries to pass itself off as an official communication, in order to induce the unsuspecting recipient to carry out what was requested, and fall into this trap based on social engineering techniques.

The message notifies the unsuspecting recipient that since May 09, 2023, he will no longer be able to use his card unless he activates the new web security system, which provides greater security and reliability to transactions. It then invites him to activate the new security system. The operation is simple and takes only 3 minutes, through the following link:
Clicca qui (Click here)
We can see from the beginning that the alert message comes from an e-mail address <****(at)customer-support-bay1(dot)com> that is very suspicious and contains very general text, although the cybercriminal had the graphic foresight to include the well-known banking institution logo, that could mislead the user.
The aim is to lead the recipient to click on Clicca qui (Click here) link which, we would like to point out, redirects to a page, that has nothing to do with the official site, but has already been flagged as a deceptive WEBSITE/PAGE. In fact it is run by cyber-criminals, whose goal is to get hold of your most valuable data, in order to use them for criminal purposes.
04 - 06 Maggio 2023 ==> Phishing Mooney
Below we report 2 phishing attempts that appear to come from a false communication from
Mooney, the Italian Proximity Banking & Payments company
.
EXAMPLE 1
< IL tuo аccount Moonеy è tеmporаnеamеntе sospеso. #700000 >(Your Moonеy account is temporarily suspended)
In the 2 examples above, which are very similar, the message informs the recipient that his account is temporarily suspended due to a failed update or, as in the second case, that he needs to confirm his account information.
The goal, in both cases, is to get the user to click on the link given in the email, to resolve the customer profile update problem:
Aggiornare o
clicca qui (Update or click here)
This time, phishing campaigns simulate a communication that appears to come from the Italian online payment company
Mooney,
which is clearly unrelated to the mass sending of these emails. These, in fact, are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining both emails ,to further mislead the user, the Company Logo was included, but we note that the sender's email address does not appear to be traceable to the official domain of
Mooney: 1° example <
jollymanifatture(at)care(dot)sprinklr(dot)com>; 2° example <
kiwisat-alert(at)kiwitron(dot)com>. Let's always be very careful before clicking on suspicious links.
Very often these messages are poorly written emails that contain spelling errors or renewal requests for services that are not expiring, or for security updates, as they leverage urgency to get the user to click.
Anyone who unluckily clicks on the link
Aggiornare o
clicca qui (Update or click here) will be redirected to an anomalous WEB page which, as you can see from the side image, has nothing to do with the official website of Mooney.
The page to which you are redirected, to enter your credentials, is hosted on an anomalous address/domain, which we report below:
1° esempio: https[:]//ipfs[.]io/ipfs/bafkreihalpd23vzerlcqewfszygvrjabi5wp....
2° esempio: https[:]//amsltd.[.]us/wp-admin/user/IT-M/MoneyIT/
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks .
May 04, 2023 ==> Phishing Account Posta Elettronica (E-mail Account)
SUBJECT: <
(3) messages are pending to deliver in your mailbox>
Let's examine below another phishing attempt aimed to steal the credentials of the victim's e-mail account.
The message, in English, informs the recipient that incoming messages have been blocked due to the indicated "storage error." It then invites him to click on the link indicated in the email to retrieve the blocked messages, via the following link:
Receive Messages
Analyzing the email, we notice that the message comes from an email address that does not seem traceable to the server that hosts the mailbox <
support(at)mainmailservers(dot)mom>. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link
Receive Messages will be redirected to an anomalous WEB page which, as you can see from the side image, has nothing to do with the e-mail account manager.
The page to which you are redirected, for the entry of your mail account credentials, is hosted on an anomalous address/domain, which we report below:
https[:]//ipfs[.]io/ipfs/bafkreihalpd23vzerlcqewfszygvrjabi5wp....
We always urge you to be careful and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks .
May 01, 2023==> Phishing Tinder
SUBJECT: <
It's a Match!>
This month we find a new phishing attempt that seems to come from a false communication from
Tinder, one of the most popular dating sites in the world.
The message informs the recipient that a profile has been found that "matches" his or her. Then invites him or her to log into his or her
Tinder account, to find out the person who is waiting for him/her...By clicking through the following link, you will be able to log in to your account:
FIND OUT WHO
Clearly, the well-known dating app Tinder, is unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Examining the text of the message, we notice right away that the sender's e-mail address<
furioso(at)rscp19103(dot)myhostingpack(dot)com> does not come from the official domain of
Tinder. We see, however, that the cybercriminal had the foresight to include the well-known Tinder logo; in fact, the email is graphically deceptive.
Anyone who unluckily clicks on the link
FIND OUT WHO will be redirected to an anomalous WEB page, which has nothing to do with the official
Tinder's website, but which has already been reported as a DECEPTIVE PAGE/ WEBSITE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use them for criminal purposes.
01 - 15 - 24 May 2023 ==> Phishing Aruba - Dominio scaduto (Expired domain)
Below are the phishing attempts we find this month, which appear to come from a false communication from
Aruba.
EXAMPLE 1
< PROMEMORIA: Dominio **** con account di posta in scadenza > (REMINDER: **** domain with expiring mail account)
EXAMPLE 2
«Disattivazione casella e-mail per disattivazione dominio ***» (Mailbox deactivation for domain deactivation)
ESEMPIO 3
«tempo del rinnovo.»
In the examples above, which are very similar, the customer is notified that his domain hosted on
Aruba is about to expire and then invites him to renew before the expiration date. It informs him that, if the domain is not renewed, all services associated with it will be deactivated, including e-mail boxes, so he will no longer be able to receive and send messages. It then invites the user to re-new the domain by completing the order through the links listed in the email.
The aim is clearly to get the user to click on the link in the email:
RINNOVA IL DOMINIO (RENEW THE DOMAIN)
Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
To detect these phishing attempts, it is first necessary to examine the sender's e-mail address, which as we can see in the 3 cases shown
(<noreply(at)rusflagcity(dot)ru>; <informer(at)znatoki34(dot)ru>; <support(at)sicurezza8108(dot)com> ) do not come from
Aruba's official domain.
Very often these messages are poorly written emails that contain spelling errors or renewal requests for not expiring services, since they use urgency or data security to obtain user's information.
It's also important to examine the links or attachments that these messages contain, which usually redirect to a counterfeit website asking to enter your personal information (such as account username and password, or credit card number to make account renewals). If these data are entered, will be used by cyber criminals for criminal purposes.
A little bit of attention and glance, can save a lot of hassle and headaches....
We urge you NOT to be fooled by these types of e-mails, which, even though they use familiar and not particularly sophisticated approach techniques, if there is a resurgence, with reasonable likelihood more than a few unfortunates will be fooled.
We invite you to check the following information on Phishing techniques for more details:
05/04/2023 17:34 - Phishing: the most common credential and/or data theft attempts in April2023...
03/03/2023 16:54 - Phishing: the most common credential and/or data theft attempts in March 2023..
06/02/2023 17:29 - Phishing: the most common credential and/or data theft attempts in February 2023...
02/01/2023 15:28 - Phishing: the most common credential and/or data theft attempts in January 2023...
02/12/2022 15:04 - Phishing: the most common credential and/or data theft attempts in December 2022...
04/11/2022 17:27 - Phishing: the most common credential and/or data theft attempts in November 2022...
05/10/2022 11:55 - Phishing: the most common credential and/or data theft attempts in October 2022...
06/09/2022 15:58 - Phishing: the most common credential and/or data theft attempts in September2022...
04/08/2022 16:39 - Phishing: the most common credential and/or data theft attempts in August2022...
06/07/2022 12:39 - Phishing: the most common credential and/or data theft attempts in July2022...
06/06/2022 14:30 - Phishing: the most common credential and/or data theft attempts in June 2022...
02/05/2022 11:06 - Phishing: the most common credential and/or data theft attempts in May2022...
Try Vir.IT eXplorer Lite
If you are not yet using Vir.IT eXplorer PRO, it is advisable to install Vir.IT eXplorer Lite -FREE Edition-.to supplement the antivirus in use to increase the security of your computers, PCs and SERVERS.
.
Vir.IT eXplorer Lite has the following special features:
- freely usable in both private and corporate environments with Engine+Signature updates without time limitation;
- fully interoperable with other AntiVirus software and/or Internet Security products (both free and commercial) already installed on your computer. It doesn't need any uninstallation and it doesn't cause slowdowns, as some features have been appropriately reduced to ensure interoperability with the AntiVirus software already on your PC/Server. This, however, allows cross-checking through the scan
- It dentifies and, in many cases, even removes most of the viruses/malware actually circulating or, alternatively, allows them to be sent to the C.R.A.M. Anti-Malware Research Center for further analysis to update Vir.It eXplorer PRO;
- through Intrusion Detection technology, also made available in the Lite version of Vir.IT eXplorer, the software is able to report any new-generation viruses/malware that have set in automatically and send the reported files to TG Soft's C.R.A.M
- Proceed to download Vir.IT eXplorer Lite from the official distribution page of TG Soft's website.
VirIT Mobile Security AntiMalware ITALIAN for ALL Android DevicesTM
VirIT Mobile Security, the Italian Anti-Malware software that protects Android™ smartphones and tablets, from Malware intrusions and other unwanted threats and empowers the user to safeguard their privacy with an advanced heuristic approach (Permission Analyzer).
TG Soft makes VirIT Mobile Security available for free by accessing the Google Play Store market (https://play.google.com/store/apps/details?id=it.tgsoft.virit) where you can download the Lite version, which can be freely used in both private and business settings
You can upgrade to the PRO version by purchasing it directly from our website=> click here to order
Acknowledgements
TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and all people who have transmitted/reported material attributable to Phishing activities to our Research Center that allowed us to make this information as complete as possible.
How to send suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware
You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
- Any suspect email can be sent directly by the recipient's e-mail, to the following mail lite@virit.com,choosing as sending mode "Forward as Attachment" and inserting in the subject section "Possible phishing page to verify" rather than "Possible Malware to verify";
- Save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as an external file to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously if you want a feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possiible / probable phishing; possible / probable malware or other).
For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page: How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.
TG Soft's C.R.A.M. (Anti-Malware Research Center)