PHISHING INDEX
Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in August 2024:
30/08/2024 => Poste Italiane
28/08/2024 => Mediaworld
28/08/2024 => Amazon
22/08/2024 => Banca Popolare di Sondrio
16/08/2024 => Aruba - Verifica password (Password verification)
14/08/2024 => WalletConnect
12/08/2024 => BBVA
10/08/2024 => Nexi
08/08/2024 => Smishing Istituto di Credito (Credit Institution)
08/08/2024 => Account di Posta Elettronica (Email Account)
07/08/2024 => Europages
06/08/2024 => Esselunga
06/08/2024 => Mooney
06/08/2024 => Aruba - Fattura non pagata (Unpaid invoice)
05/08/2024 => Smishing - "Mamma ho perso il telefono" (Mum I lost my phone)
These emails are intended to trick the unfortunate recipient into providing sensitive data - such as bank account information, credit card codes or personal login credentials - with all the easily imaginable consequences.
August 30, 2024 ==> Phishing PosteItaliane
SUBJECT: <Important: Activate the new security system> (Important: Activate the new security system)
This month we again find the phishing attempt spread through a false communication from PosteItaliane, concerning the notification of a new security system.
The message, which we reproduce on the side, informs PosteItaliane customers who own Postepay cards that they need to activate the new web security system to ensure greater security and reliability for transactions. Without the activation of the security system, they will not be able to use their card. The activation process takes only 3 minutes, through the following link:
Clicca qui (Click here)
The message seems to come from PosteItaliane, but the email is rather generic and is addressed to an unspecified "Dear Customer". Besides, the address <postepay[at]servizio-poste-italiane[dot]com> is clearly unrelated to the official PosteItaliane domain. The purpose, of course, is to lead the user to click on the proposed link and enter his/her data, which will be stolen.
The link in the message directs us to a web page that is supposed to simulate the official website of PosteItaliane. Although the page may be misleading due to the presence of the well-known PosteItaliane logo, the browser's URL address is anomalous and not traceable to PosteItaliane:
<<https[:]//verificacion-*****[.]com/IT-M0MS5/Italia...>>
To conclude, we always urge you to be wary of any email that asks you to enter confidential data, and to avoid clicking on suspicious links, which could lead to a counterfeit site that is difficult to distinguish from the original one. In fact, in this way your most valuable data are put in the hands of cyber crooks and can be used at will.
August 28, 2024 ==> Phishing MediaWorld
Below we analyze some scam attempts that, posing as MediaWorld messages, spread massively through social networks.
This time, after Amazon's wave of extraordinary offers, we have a new ''tsunami'' of unmissable promotions. Below are 2 examples of different messages but with the same goal of simulating a must-have opportunity for the user.
''..get the powerful JBL Flip 6 speaker for only €2''
'''PS5 for only €2 in our store!'''
To obtain the prize(s) first we have to fill out a quick and easy survey, answering only 4 questions.
Certainly behind this phishing there is a real decoy for many inexperienced users.
Clearly MediaWorld is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.
At first we notice that the images are graphically misleading and, to add credibility to the message, there are also numerous comments from customers who appear to have already participated in the survey. These are all reassuring testimonials/feedback about the actual delivery of the winnings and the truthfulness of the message.
Surely if so many users were lucky why not try your luck by filling out a simple survey?!
When we then try to click on ''Scopri di più''/''Ordina subito'' (Find out more/Order now), this is what happens:
We are redirected to a landing page that, although graphically well done, with misleading images, does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous web page:
[NomeDominioFake*].info
which has no connection with MediaWorld.
* FakeDomainName is a domain that simulates a known brand domain or is a randomly named domain.
The cyber criminals masterminding the scam try to induce the user to finish the survey quickly by making him/her believe that only a few people can win and that the gifts are about to run out. There is also a countdown timer at the bottom of the screen (1 minute 19 seconds), which, however, if stopped - as we simulated - starts over immediately... a rather strange thing. In addition, it seems that only 10 lucky people will be selected to obtain the prize.
At the end of the survey, which involved answering 4 extremely general questions, a simple game is proposed to try our luck: we have 3 attempts to find the prize inside some gift packages....
But how lucky we are!
After 2 attempts we made it: we managed to get the prize....
Too bad it's not over yet.
Here's the surprise: as highlighted in the image, winning is conditional on payment of shipping costs of €2.
To invite the user to quickly finish, the cart remains reserved for a short time (08:52 minutes).
Since the purpose of cyber criminals is to induce the victim to enter his/her sensitive data, we expect a request to enter credit card information for shipping charges, although modest.
The page shown for the entry of our personal data is hosted on a different address/domain from the previous one, but still a suspicious one:
[NomeDominioFake*].com
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data are placed in the hands of cyber crooks who can use them at will.
August 28, 2024 ==> Phishing AMAZON
Below we analyze some scam attempts that, posing as Amazon messages, spread massively through social networks.
This is an apparent ''storm'' of unmissable offers. Here is the promotional message: ''Due to overstocking, Amazon is giving away laptops with slight scratches...'' To get the prize - specifically HP laptops or MacBook PRO - the lucky user only has to answer 4 questions... or at least that's what it seems.
Certainly behind this phishing there is a real decoy for many inexperienced users.
Clearly Amazon is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.
At first we notice that the images are graphically misleading and, to add credibility to the message, there are also many comments from customers who appear to have already participated in the survey. These are all reassuring testimonials/feedback about the actual delivery of the winnings and the truthfulness of the message.
Surely if so many users were lucky why not try your luck by filling out a simple survey?!
When we then try to click on ''Request Now,'' this is what happens:
We are redirected to a landing page that, although graphically well done (with misleading images and the authentic Amazon logo), does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous web page:
[NomeDominioFake*].info
which has no connection with Amazon.
* DomainNameFake is a domain that simulates a known brand domain or is a randomly named domain.
The cyber criminals masterminding the scam try to induce the user to finish the survey quickly by making him/her believe that only a few people can win and that the gifts are about to run out. There is also a countdown timer at the bottom of the screen, which, however, if stopped - as we simulated - starts over immediately. This is a rather strange thing.
Now it seems we only need to play a simple little game to try our luck: we have 3 attempts to find the laptop inside some gift packages..
But how lucky we are...
After 2 attempts we made it: we managed to get the prize..
Too bad it's not over yet.
Here's the surprise: as highlighted in the image, winning is conditioned on paying shipping costs of Euro 1.95.
The purpose of cyber criminals is to induce the victim to enter his/her sensitive data. Therefore, we can expect that, in order to pay the shipping costs, although low in value, credit card information will be required.
The page to which we are redirected to enter our personal data is again hosted on the anomalous address/domain shown below:
[NomeDominioFake*].info
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data are placed in the hands of cyber crooks who can use them at will.
August 22, 2024 ==> Phishing Banca Popolare di Sondrio
SUBJECT: <SCRIGNObps - Notifica di Sospensione> (SCRIGNObps - Suspension Notification)
The short message, which seems to come from Banca Popolare di Sondrio, informs the recipient that his/her account has been temporarily suspended due to the failure to update some information.
"Fortunately", to restore access to the home banking account and all related services, he/she simply has to update the required information by clicking on the following link:
Aggiorna Informazioni (Update Information)
Clearly, Banca Popolare di Sondrio is unrelated to the mass sending of these e-mails, which are scams whose goal remains, as always, to steal the home banking login credentials and/or money of the unsuspecting recipient.
Although the cyber-criminal has inserted credible graphics and simulated the Bank's official address, there are some suspicious clues. In fact the text is generic and gives no elements as to the type of information to be updated and, in addition, home banking credentials are requested using a link sent via e-mail.
Anyone who unluckily clicks on the Aggiorna Informazioni (Update Information) link will be redirected to a malicious WEB page, which is unrelated to Banca Popolare di Sondrio's official website, and which has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact, it is run by cyber criminals whose goal is to get hold of your home banking login information in order to use it for criminal purposes and/or to transfer funds.
We always urge you to pay attention to even the smallest details and not to enter your personal information and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks.
August 16, 2024 ==> Phishing Aruba - Verifica password
SUBJECT: <Final Warning - Verifica password> (Final Warning - Password verification)
This month we again find phishing attempts pretending to be communications from the Aruba brand.
The message warns the recipient that the password for his/her account on Aruba will expire in 24 hours. To continue using the same password, the user must confirm it by clicking on the following link:
conferma password (confirm password)
In case of non-confirmation, the provider will not be responsible for malfunctions.
Clearly, the well-known web hosting, e-mail and domain registration services company Aruba is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
The cybercriminal leaves the victim little time to act, in order to intimidate the user and push him/her to act immediately and without attention, urged by fear of the account and service being blocked.
Anyone who unluckily clicks on the conferma password (confirm password) link will be redirected to an anomalous WEB page, which is unrelated to the official site of Aruba.
On this page the user is prompted to log in to his/her client area by entering username and password, so that he/she can renew the password and avoid malfunctions or lockouts.
The page requesting the user's credentials is hosted on an anomalous address/domain, which we report below:
https[:]//srv218455[.] hoster-test[.]ru/sec/index....
We always urge you to pay attention to every detail, even trivial ones, and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks with all the associated easily imaginable risks.
August 14, 2024 ==> Phishing WalletConnect
SUBJECT: <Payment notification>
Below we analyze the following phishing attempt that comes as a fake communication from WalletConnect, a well-known cryptocurrency management services company.
The short message, in English, informs the recipient that he/she has been selected for an annual promotion involving the winning of a cash prize. Unfortunately, in order to obtain the giveaway, an account confirmation is first necessary, through the following link:
Verify wallect
Clearly, the well-known service company WalletConnect is unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal sensitive data and money of the unsuspecting recipient.
The cyber-criminal had the foresight to simulate the official address of the WalletConnect service, so as to fool an unwary user. However, if we analyze the message more deeply, and especially the link, we can immediately realize that the destination site is not traceable to the official one.
Anyone who unluckily clicks on the Verify wallect link will be redirected to a malicious WEB page, which is unrelated to WalletConnect's official website, and which has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact, it is run by cyber criminals whose goal is to get hold of cryptocurrency wallet data in order to use them for criminal purposes and/or transfer their funds.
August 12, 2024 ==> Phishing BBVA
SUBJECT: <Banca Online> (Online Bank)
Below we analyze the phishing attempt that comes as a false communication from BBVA, a well-known Spanish multinational banking group.
The message informs the recipient that a new message is available and invites him/her to check his/her mailbox, through the following link, for more information.
Clicca qui e accedi al tuo account (Click here and log in to your account)
Clearly, if the recipient of the text message is not actually a customer of BBVA, the anomaly of the message is more obvious. In any case, we remind you that under no circumstances do banks require customers to provide personal data - especially home banking login credentials - via SMS and e-mail.
If we analyze the e-mail more closely, we notice right away that the message comes from an address <mail03069(at)couponvantaggiosi(dot)it> clearly not from the official domain of BBVA. It is crucial to always pay close attention before clicking on suspicious links.
Anyone who unluckily clicks on the Clicca qui e accedi al tuo account (Click here and log in to your account) link will be redirected to a malicious WEB page, which is unrelated to the bank's official website, and which has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals who want to get hold of your most valuable data, in order to use them for illegal purposes.
August 10, 2024 ==> Phishing Nexi
SUBJECT: <Urgente: attivare il nuovo sistema di sicurezza> (Urgent: activate the new security system)
This new phishing attempt pretends to be a communication from Nexi.
The message alerts the recipient that if he/she does not activate the new security system by August 12, 2024, he/she will not be able to continue using his/her Nexi card. Without the new security system, which should provide greater security and reliability, no card transactions will be possible. Users can activate the new system through the following link:
Clicca qu (Click here)
We immediately notice that the email is very generic and there is no identifying information about the customer or the linked account. The alert email comes from an email address <service(dot)customers(at)nexi-it-contact(dot)info> clearly not from Nexi's official domain.
Anyone who unluckily clicks on the Clicca qu (Click here) link will be redirected to a malicious WEB page, which is unrelated to Nexi's official website, and which has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals who want to get hold of your most valuable data, in order to use them for illegal purposes.
August 08, 2024 ==> Smishing Istituto Bancario (Bank)
We analyze below a false communication from a well-known Bank, spread through SMS (smishing), a form of phishing that uses cell phones instead of email.
The SMS warns the recipient that a payment of Euro 4,990.00 has been detected and invites him/her to verify the payment. In case he/she does not recognize it, he/she must contact the specified phone number "02828****".
Clearly, if the recipient of the text message is not actually a customer of the Bank, the anomaly of the message is more obvious. In any case, we remind you that under no circumstances do Banks require customers to provide personal data - especially home banking login credentials - via SMS and e-mail.
The cyber criminals' goal is to lead the user, alarmed by the report of the payment request, to call the given number or, more generally, to click on suspicious links.
If in doubt, you should contact the official channels reported on the banking institution's website, and not trust the indications in the suspicious message, since there could be a scammer behind it.
We would also like to point out that Banks are reporting these increasing scams to their customers, through official messages.
We also recall that communication between the Bank and the customer is never via text message, but it is your Bank/dedicated advisor who contacts you.
We reproduce an example of the message sent by the bank/advisor to warn his clients of these scam attempts, urging them to exercise caution:
“Good morning, attempts to steal login credentials to various banking apps have been escalating in recent days. They come up with the usual message (usually sms) that a strange payment has been requested and that if it is not due to call a number sometimes landline other times cell phone to block it. They are done quite well sometimes the Bank's name is not spelled perfectly or sometimes they switch from "tu" (informal way of addressing) to "lei" (formal way of addressing) or vice versa. It is useless and superfluous for me to tell you never to do what they ask. For any doubt rather write to your advisor or call the Bank's numbers or send the suspicious message to your advisor or the Bank's official channels, but never do anything! Only your advisor is expected to contact you. ”
To conclude, we always urge you to be wary of any form that requires you to enter confidential data, unless you are certain of the website's provenance. We also urge you not to click on suspicious links, which could lead to a counterfeit site that is difficult to distinguish from the original, where under no circumstances should you enter your bank account login details, credit card information or other sensitive data. Otherwise you put your most valuable data in the hands of cyber crooks who can use them at will.
August 08, 2024 ==> Phishing Account Posta Elettronica
SUBJECT: <Azione richiesta: La password della tua casella di posta è scaduta 2024 - ****> (Action required: Your mailbox password has expired 2024 - ****)
We analyze below a new phishing attempt that aims to steal email account login credentials.
The message informs the recipient that his/her e-mail account password is expiring and that a new password will be generated by the system 3 hours after the message is opened. It then invites him/her to continue using the current password, through the following link:
Mantenere la password corrente (Keep current password)
When we analyze the email, we see that the message comes from an email address <info[at]qiwipsa[dot]ooguy[dot]com> not traceable to the email server where the account is hosted. This is definitely anomalous and should, at the very least, make us suspicious.
However, if we go ahead and click on the provided link, we will be redirected to a malicious WEB page that has already been flagged as a DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data, in order to use it for illegal purposes.
Given these considerations, we point out that you should NEVER enter your credentials on sites whose origin you do not know, as they will be sent to a remote server and used by cyber crooks, with all the associated, easily imaginable, risks.
August 07, 2024 ==> Phishing EuroPages
SUBJECT: <Friedrich dalla Germania ti ha inviato un messaggio di richiesta relativo al tuo prodotto> (Friedrich from Germany has sent you an inquiry message for your product)
This month we again find the following phishing attempt, which comes as a false communication from EuroPages and aims to steal the login credentials of the victim's account.
The message seems to come from EuroPages, the largest international B2B sourcing platform, and notifies the user of the receipt of a message from a certain "Leonardo Rossi", concerning his or her product listed on EuroPages. It then invites the user to log into his/her account to view the inquiry message, via the following link:
ACCEDI AL MIO ACCOUNT (SIGN IN TO MY ACCOUNT)
When we analyze the email, we find that the message comes from an email address <info(at)depramaterieplastiche(dot)it> not traceable to the official EuroPages domain. This is definitely anomalous and should at the very least make us suspicious.
Anyone who unluckily clicks on the ACCEDI AL MIO ACCOUNT (SIGN IN TO MY ACCOUNT) link will be redirected to an anomalous WEB page, which has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals who want to get hold of your most valuable data, in order to use them for illegal purposes.
August 06, 2024 ==> Phishing ESSELUNGA
SUBJECT: <Notifica di ritardato pagamento. Impossibile consegnare il pacco. ! CcTsw> (Late payment notification. Unable to deliver the package. ! CcTsw)
Below we analyze the following scam attempt hidden behind a false communication from the well-known retail company Esselunga.
It is a promotional message that seems to propose an unmissable opportunity. The lucky user has been selected to participate in the ongoing monthly promotion through a survey that will allow him/her to win a prize: a Set from Tupperware Modular Mates... or so it seems.
Certainly behind this phishing there is a real decoy for many inexperienced users.
Clearly Esselunga is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.
When we analyze the email, we notice that the message comes from an email address <fabiano(dot)iacuzzi[at]mst-techsrl[dot]com> not traceable to the official domain of Esselunga. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of Esselunga), does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous address/domain:
"https[:]/quickblended[.]sbs/ijyv/etna.....''
which has no connection with Esselunga.
The cyber criminals masterminding the scam try to induce the user to finish the survey quickly, by making him/her believe that only a few people can win and that the offer expires within the day. There is also a countdown timer at the bottom of the screen, which, however, if stopped - as we simulated - starts over immediately. This is a rather strange thing.
When we click on INIZIA IL SONDAGGIO (START THE SURVEY), we are directed to the next screens, where we are asked to answer 8 questions.
Here is specifically question 1/8. These are very general questions focused on the degree of satisfaction with the services offered by ESSELUNGA, and on the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the process for the award.
At the end of the survey we can finally claim our prize: a Tupperware Set Modular Mates that would be worth 79,99 Euros but costs us 0. We only have to pay shipping costs, which are supposed to be small.
But let's hurry. There seem to be only 4 left in stock...
''Congratulazioni! Abbiamo riservato (1) 36 Piece Tupperware Modular Set esclusivamente per te.''
(''Congratulations! We have reserved (1) 36 Piece Tupperware Modular Set exclusively for you.'')
Here we go: in fact, all we need to do is to enter our shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered....
To give more credibility, many comments from customers who supposedly participated in the survey, have been reported. These are all confirming testimonials/feedback about the actual delivery of the winnings, ensuring that it is not really a scam.....
Surely if so many users were lucky why not try your luck?!
Then, when we click on Continua (Continue), we are sent to a further page to enter our shipping address and pay shipping costs. As we can see from the image on the side, the cybercriminals try to trick the unfortunate person into entering sensitive data to ship the prize. Most likely, credit card information will also be requested later for the payment of shipping costs.
The page where we are redirected, to enter our personal data, is hosted on a new abnormal address/domain, which we report below:
https[:]//recurring[.]sbs/c/D0UHqh.....
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data are placed in the hands of cyber crooks who can use them at will.
August 06, 2024 ==> Phishing Mooney
SUBJECT: <Avvertimento !> (Warning !)
Below we analyze the following phishing attempt that comes as a false communication from Mooney, the Italian Proximity Banking & Payments company.
The message informs the recipient that his/her account is temporarily locked for security reasons.
It then invites him/her to update his profile, to confirm his/her data, following the security steps specified through the following link:
ACCEDI E ORA (LOGIN AND NOW)
The Italian online payment company Mooney is clearly uninvolved in the mass sending of these emails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Analyzing the message, we notice right away that it comes from an e-mail address <rosalia(dot)deleon(at)bioteksa(dot)com> not traceable to Mooney's domain, although the cybercriminal had the foresight to include the company's well-known logo. Let's always be very careful before clicking on suspicious links.
Anyone who unluckily clicks on the ACCEDI E ORA (LOGIN AND NOW) link will be redirected to the displayed page.
As we can see, the landing page graphically simulates the official Mooney page, and this could mislead a user driven by haste to secure his/her account.
Although haste and fear of account suspension may prompt users to enter their login information, if we look at the browser's URL address, we can realize that the login form is not on Mooney's official domain:
http[:]//hry[.]hzh[.]mybluehost[.]me/zodan/bonifico/38f5c74da9aaed2fcc54/
Therefore, we urge you to remember that, in case of these attempts at computer fraud, you need to pay attention to every detail, even trivial ones.
If you enter the requested data, in this case your credit card details specifically, these will be delivered to the cyber criminals masterminding the scam who will use them for criminal purposes.
August 06, 2024 ==> Phishing Aruba - Fattura non pagata (Unpaid invoice)
SUBJECT: <fattura non pagata #ARUBA1628542> (Unpaid invoice #ARUBA1628542)
This month we again find phishing attempts pretending to be communications from the Aruba brand.
The message warns the recipient that his/her domain hosted on Aruba, linked to his/her e-mail account, will expire on 08/07/2024. Therefore, to renew all the services already in use, the user must complete the order and choose the most convenient payment method. If he/she does not complete the payment, all services linked to his/her account will be deactivated, including email accounts, so he/she will no longer be able to receive and send messages.
It then invites the user to log in to complete the payment, via the following link:
RINNOVA CON UN CLIC (RENEW WITH A CLICK)
Clearly, the well-known web hosting, e-mail and domain registration services company Aruba, is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Analyzing the text of the message, we notice right away that the sender's e-mail address <belbala1(at)gommautorecco(dot)it> is not from Aruba's official domain.
An expiration date of 07/08/2024 is given to induce the victim to renew his or her mailbox in a timely manner. Since the email was delivered the day before, there is not much time to renew and prevent services from being deactivated. The technique of stating a deadline to conclude the procedure is intended to push the user to act immediately and without much thought, driven by the fear of his e-mail account deactivation.
Anyone who unluckily clicks on the RINNOVA CON UN CLIC (RENEW WITH A CLICK) link will be redirected to the displayed page.
On this page the user is invited to access his/her client area by entering his/her login and password so that he/she can renew the domain and avoid the block of services.
Although the site may be misleading in that the familiar Aruba logo has been included, we see that the URL address in the browser bar is anomalous and not traceable to the official domain of Aruba:
https[:]//accountid7278info[.]org/netfrediar/login[.]php
If you enter the requested data, these will be delivered to the cyber criminals masterminding the scam who will use them for criminal purposes. Therefore, we urge you to remember that, in case of these attempts at computer fraud, you need to pay attention to every detail, even trivial ones.
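The sender-address and link check that this report applies by hand to each message, written as an added Python example (not TG Soft's code): it reads the defanged indicators exactly as printed in the sections above, resolves the host in memory and sorts it into official, lookalike or unrelated. The OFFICIAL allow-list, the function names and the brand-substring heuristic are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list of official domains per brand. It is NOT taken from the
# report; replace it with the list your own organisation maintains.
OFFICIAL = {
    "poste": {"poste.it"},
    "bbva": {"bbva.it", "bbva.com"},
    "nexi": {"nexi.it"},
    "aruba": {"aruba.it"},
}

# Indicators copied from this report in their defanged form, paired with the
# brand each message claims to come from.
SAMPLES = [
    ("poste", "postepay[at]servizio-poste-italiane[dot]com"),
    ("bbva", "mail03069(at)couponvantaggiosi(dot)it"),
    ("nexi", "service(dot)customers(at)nexi-it-contact(dot)info"),
    ("aruba", "belbala1(at)gommautorecco(dot)it"),
    ("aruba", "https[:]//srv218455[.] hoster-test[.]ru/sec/index...."),
    ("aruba", "https[:]//accountid7278info[.]org/netfrediar/login[.]php"),
]

# Defanging conventions seen in the report: [at]/(at), [dot]/(dot), [.], [:].
# Whitespace next to a marker is dropped, since a host cannot contain spaces.
_DEFANG = [
    (re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.I), "@"),
    (re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.I), "."),
    (re.compile(r"\s*\[\.\]\s*"), "."),
    (re.compile(r"\[:\]"), ":"),
]


def refang(indicator: str) -> str:
    """Undo the defanging in memory only; the result is never fetched."""
    text = indicator.strip().strip("<>")
    for pattern, replacement in _DEFANG:
        text = pattern.sub(replacement, text)
    return text


def host_of(indicator: str) -> str:
    """Return the lower-cased host of an e-mail address or a URL."""
    text = refang(indicator)
    if "://" in text:
        host = urlsplit(text).hostname or ""
    elif "@" in text:
        host = text.rsplit("@", 1)[1]
    else:
        host = text
    return host.lower().rstrip(".")


def classify(brand: str, indicator: str) -> str:
    """Compare the host with the domains the claimed brand really owns."""
    host = host_of(indicator)
    official = OFFICIAL.get(brand, set())
    # Exact match or true subdomain. A plain endswith(domain) would wrongly
    # accept "notposte.it", and a substring test "poste.it.example.com".
    if any(host == d or host.endswith("." + d) for d in official):
        return "official"
    # Brand name embedded in a domain the brand does not own.
    if brand in host:
        return "lookalike"
    # No relation at all: typically a third-party or compromised sender.
    return "unrelated"


def triage(samples):
    """Return (brand, host, verdict) for every sample."""
    return [(b, host_of(i), classify(b, i)) for b, i in samples]


if __name__ == "__main__":
    for brand, host, verdict in triage(SAMPLES):
        print(f"{brand:6} {host:32} {verdict}")
```

Both non-official verdicts warrant the same caution; the split only shows whether the sender tried to imitate the brand's name or simply mailed from an unrelated domain.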
August 06, 2024 ==> Smishing "Mamma ho perso il telefono" (Mum I lost my phone)
We analyse below the attempt at SMS SCAM that hides behind a request for help from a supposed family member.
If you receive a text message from an alleged family member who sends you his/her new phone number - because his/her phone has been lost/stolen or is not working - via a link, be very careful and do not get scammed!
This type of fraud has already been reported several times on the web. The cybercriminal tries to start a conversation with the victim, making him or her believe that his or her family member is in an emergency situation and needs financial help. The goal then is to steal sums of money.
What to do if you receive this SMS?
Below is the text of the SMS:
"Mum it's me I've lost my phone,this is a new number you can save it and write me on whatsapp? https://wa.me./344******"
The first thing to do, if you are suspicious, is to check that the phone number you already have for your family member is working, and to try to contact him/her through other channels as well, such as social media.
In these situations, it is crucial to be very careful, avoid rushing, always check the sender, and block the sender or ignore the message. In any case, you shouldn't click on suspicious links if you are not sure of their origin.
A little attention and a careful look can save a lot of hassle and headaches...
We urge you NOT to be fooled by these types of e-mails: even though they use familiar and not particularly sophisticated approach techniques, when they resurface it is reasonably likely that more than a few unfortunate recipients will be fooled.
We invite you to check the following information on phishing techniques for more details:
04/07/2024 17:22 - Phishing: the most common credential and/or data theft attempts in July 2024.
03/06/2024 17:22 - Phishing: the most common credential and/or data theft attempts in June 2024.
03/05/2024 11:56 - Phishing: the most common credential and/or data theft attempts in May 2024.
03/04/2024 10:23 - Phishing: the most common credential and/or data theft attempts in April 2024.
04/03/2024 10:42 - Phishing: the most common credential and/or data theft attempts in March 2024.
06/02/2024 08:55 - Phishing: the most common credential and/or data theft attempts in February 2024.
02/01/2024 16:04 - Phishing: the most common credential and/or data theft attempts in January 2024.
11/12/2023 09:39 - Phishing: the most common credential and/or data theft attempts in December 2023.
03/11/2023 08:58 - Phishing: the most common credential and/or data theft attempts in November 2023.
03/10/2023 16:35 - Phishing: the most common credential and/or data theft attempts in October 2023.
05/09/2023 10:35 - Phishing: the most common credential and/or data theft attempts in September 2023.
01/08/2023 17:33 - Phishing: the most common credential and/or data theft attempts in August 2023.
03/07/2023 10:23 - Phishing: the most common credential and/or data theft attempts in July 2023.
Try Vir.IT eXplorer Lite
If you are not yet using Vir.IT eXplorer PRO, it is advisable to install Vir.IT eXplorer Lite -FREE Edition- to supplement the antivirus in use to increase the security of your computers, PCs and SERVERS.
Vir.IT eXplorer Lite has the following special features:
- freely usable in both private and corporate environments with Engine+Signature updates without time limitation;
- fully interoperable with other AntiVirus software and/or Internet Security products (both free and commercial) already installed on your computer. It doesn't need any uninstallation and it doesn't cause slowdowns, as some features have been appropriately reduced to ensure interoperability with the AntiVirus software already on your PC/Server. This, however, allows cross-checking through the scan;
- it identifies and, in many cases, even removes most of the viruses/malware currently circulating or, alternatively, allows them to be sent to the C.R.A.M. Anti-Malware Research Center for further analysis to update Vir.IT eXplorer PRO;
- through Intrusion Detection technology, also made available in the Lite version of Vir.IT eXplorer, the software is able to report any new-generation viruses/malware that have set in automatically and send the reported files to TG Soft's C.R.A.M.
- Download Vir.IT eXplorer Lite from the official distribution page of TG Soft's website.
VirIT Mobile Security AntiMalware ITALIAN for ALL Android™ Devices
VirIT Mobile Security is the Italian Anti-Malware software that protects Android™ smartphones and tablets from Malware intrusions and other unwanted threats, and empowers the user to safeguard their privacy with an advanced heuristic approach (Permission Analyzer).
TG Soft makes VirIT Mobile Security available for free by accessing the Google Play Store market (https://play.google.com/store/apps/details?id=it.tgsoft.virit) from which you can download the Lite version, which can be freely used in both private and corporate settings.
You can upgrade to the PRO version by purchasing it directly from our website.
Acknowledgements
TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and all people who have transmitted/reported material attributable to Phishing activities to our Research Center, which allowed us to make this information as complete as possible.
How to submit suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware
You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
- any suspect email can be sent directly from the recipient's e-mail to the following address, lite@virit.com, choosing "Forward as Attachment" as the sending mode and inserting in the subject section "Possible phishing page to verify" rather than "Possible Malware to verify";
- save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as an external file to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously, if you want feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possible / probable phishing; possible / probable malware or other).
For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page: How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.
TG Soft's C.R.A.M. (Anti-Malware Research Center)