PHISHING INDEX
Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in October 2024:
29/10/2024 =>
Aruba
25/10/2024 =>
Nexi
23/10/2024 =>
ACI
21/10/2024 =>
LIDL
15/10/2024 =>
Mooney
14/10/2024 =>
Account di Posta (Email Account)
14/10/2024 =>
Telepass
14/10/2024 =>
Esselunga
12/10/2024 =>
Aruba
08/10/2024 =>
Nexi
08/10/2024 =>
Telepass
07/10/2024 =>
Decathlon
05/10/2024 =>
Aruba - Rischi di perdere il tuo nome di dominio! (You risk losing your domain name!)
These emails are intended to trick some unfortunate person into providing sensitive data - such as bank account information, credit card codes or personal login credentials - with all the possible easily imaginable consequences.
October 29, 2024 ==> Phishing Aruba - Verifica dell'utente (User verification)
SUBJECT:
<Verifica della proprietà_(*****) 10/28/2024 6:57:31 p.m> (Property verification_(*****) 10/28/2024 6:57:31 p.m>)
We find below another phishing attempt pretending to be a communication from the
Aruba brand.
The message warns the recipient that checks are being carried out on active e-mail boxes on
Aruba. The user is then asked to verify that the indicated mailbox is still active and belongs to him/her. If no response is received within 72 hours, the account will be deactivated. The following link is provided for verification:
Verifica della proprietà (Property verification)
Clearly, the well-known web hosting, e-mail and domain registration services company
Aruba, is uninvolved in the mass sending of these e-mails, which are real scams whose objective remains, as always, to steal sensitive data of the unsuspecting recipient.
When we analyse the text of the message, we immediately notice that the sender's e-mail address <
noreply[at]arubq[dot]it> is not from
Aruba's official domain.
Anyone who unluckily clicks on the link will be redirected to the displayed page.
On this page the user is invited to access his/her customer area by entering his/her login and password and confirm his/her data, to avoid the blocking of the account and related services.
Although the site may be misleading due to the well-known logo of
Aruba, the url address in the browser bar is anomalous and not traceable to the company's official domain:
https[:]//[NomeDominioFake*].com/vvxcvbsg/...
If you enter our data into counterfeit websites, it will be delivered to the cyber-criminals behind the scam, who can use it for malicious purposes. Although you may be prompted by haste and fear of mailbox suspension to complete the task quickly, we always urge you to pay close attention to every detail, even trivial ones.
October 25, 2024 ==> Phishing Nexi
SUBJECT: <
Importante: Attivare il nuovo sistema di sicurezza> (
Important: Activate the new security system)
This new phishing attempt pretends to be a communication from Nexi, a well-known digital payment services company.
The message informs the recipient to activate by October 28 a new security system that provides greater security and reliability. After this date it will no longer be possible to carry out transactions with the Nexi card.
To activate the service, the user only needs to click the following link:
Clicca qui (Click here)
Clearly the well-known company, is unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.
Although the Nexi's logo may be misleading, there are some suspicious clues.
First the e-mail is generic and does not provide any identifying information about the client or the linked account. In addition, in order to upgrade, the user is asked to enter his/her account credentials using a link provided by e-mail. Moreover, a short deadline for action is given. This prompts the user to act quickly and without thinking, frightened by the fear of service interruption.
Anyone who unluckily clicks on the Clicca qui (Click Here) link, will be directed to the page shown on the side.
The site graphically simulates the Nexi’s login page, where the user is requested to enter his/her login information but the address/domain is anomalous.
We therefore warn you NOT to ever enter your credentials on sites whose provenance is unknown, as they will be sent to a remote server, and used by cyber crooks with all the associated, easily imaginable, risks.
October 23, 2024 ==> Phishing ACI
SUBJECT:
< Abbiamo una sorpresa per i clienti ACI. > (We have a surprise for ACI customers)>
We analyze below a phishing attempt pretending to be a communication from the well-known
ACI (Automobile Club of Italy).
This is a promotional message that seems to propose an unmissable opportunity. The lucky user has been selected by
ACI to participate in a survey offering a prize: an emergency car kit...or so it seems.
Certainly behind this phishing there is a real decoy for many inexperienced users.
Clearly
ACI is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient. So keep an eye out. All it takes to avoid unpleasant incidents, is a little attention and a quick glance.
When we analyze the email, we notice that the message comes from an email address <
ACI-Emergency[at]bestoftoday[dot].click> not traceable to the official domain of
ACI. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of
ACI) does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous address/domain:
"https[:]//[NomeDominioFake*]...''
which has no connection with
ACI.
Cyber criminals masterminding the scam, try to induce the user to quickly finish the survey, by making him believe that only few people can win and that the gifts are running out. There is also a countdown timer at the bottom of the screen, which however, if stopped - as we simulated - will start over immediately. This is a rather strange thing
When we click on
INIZIA IL SONDAGGIO,
(START THE SURVEY) we are taken to the next screens, where we are asked to answer 8 questions.
Here is specifically question 1/8. These are very general questions focused on the degree of satisfaction with the services offered by
ACI and on the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the process for the award.
At the end of the survey we can finally claim our prize: car emergency kit that would be worth 99,95 Euros but costs us 0. We only have to pay shipping costs, which are supposed to be small.
But let's hurry. There seem to be only 2 left in stock..
''Congratulazioni! Abbiamo riservato (1) kit di emergenza per auto esclusivamente per te.''
(Congratulations! We have reserved (1) emergency car kit exclusively for you.)
Here we go: in fact, all you need to do is to enter your shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered....
To give more credibility, many comments from customers who supposedly participated in the survey, have been reported. These are all confirming testimonials/feedback about the actual delivery of the winnings, ensuring that it is not really a scam...
Surely if so many users were lucky why not try your luck?!
Then, when we click on
Continua (Continue), we are redirected to a further page to enter our shipping address and pay shipping costs
The page hosting the data entry form however has already been reported as a DECEPTIVE WEBSITE/ PAGE..... Since the purpose of cyber criminals is to induce the victim to enter his/her sensitive data, we expect a request to enter credit card information for shipping charges, although modest.
The page asking our personal data is hosted on a different but still suspicious address/domain:
"https[:]//[NomeDominioFake*]...''
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and avoid clicking on suspicious links whose links may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is delivered to cyber crooks, who can use it at will.
October 23, 2024 ==> Phishing LIDL
SUBJECT:
< S e t d a 3 p e z zi P a rk si d e P r em i e sc lus iv i p er v oi > (P a r k s id e 3 p i e c e s e t E xc lus ive pri ze s f or y ou)
Below we analyze the scam attempt behind a false communication, exploiting the well-known company
LIDL.
It is a promotional message that seems to offer an unmissable opportunity. The lucky user has been selected to participate in a loyalty program through a survey that will allow him/her to win a prize: a brand new
Parkside 3-piece set...or so it seems.
Certainly behind this phishing there is a real decoy for many inexperienced users
Clearly
LIDL is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep an eye out. All it takes to avoid unpleasant incidents, is a little attention and a quick glance.
When we analyze the email, we notice that the message comes from an email address <
ticket[at]ticket[dot]com> not traceable to the official domain of
LIDL. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
We are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of
LIDL) does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous address/domain:
"https[:]//[NomeDominioFake*]...''
which has no connection with
LIDL.
Cyber criminals masterminding the scam try to induce the user to quickly finish the survey by making him/her believe that only few people can win, and the gifts are about to run out. There is also a countdown timer at the bottom of the screen, which however, if stopped - as we simulated - will start over immediately. This is a rather strange thing
.
When we click on
INIZIA IL SONDAGGIO (Start the survey), we are taken to the next screens, where we are asked to answer 10 questions.
Here is specifically question 1/10. These are very general questions focused on the degree of satisfaction with the services offered by LIDL, and on the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the process for the award.
At the end of the survey we can finally claim our prize: a brand new Parkside 3-piece set that would be worth 649,99 Euros but costs us 0..
We only have to pay shipping costs, which are supposed to be small.
But let's hurry. There seem to be only 2 left in stock….
''Congratulazioni! Abbiamo riservato (1) Set di 3 pezzi Parkside esclusivamente per te.''
(Congratulations! We have reserved (1) Parkside 3-piece set exclusively for you)
Here we go: in fact, all you need to do is to enter your shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered...
To give more credibility, many comments from customers who supposedly participated in the survey, have been reported. These are all confirming testimonials/feedback about the actual delivery of the winnings, ensuring that it is not really a scam.....
Surely if so many users were lucky why not try your luck?!
Then, when we click on
Continua (Continue), we are sent to a further page to enter our shipping address and pay shipping costs.
The page hosting the data entry form, however, has already been flagged as a deceptive WEBSITE/PAGE... The purpose of cyber criminals is to induce the victim to enter his/her sensitive data. Therefore the user, to complete the purchase, will be asked to pay shipping costs, though modest, by entering his/her credit card details.
The page where we are redirected, to enter our personal data, is hosted on an abnormal address/domain, which we report below:
"https[:]//[NomeDominioFake*]...''
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and avoid clicking on suspicious links whose links may lead to a counterfeit site. In fact, in this way your most valuable data is placed in the hands of cyber crooks, who can use it at will.
October 15, 2024 ==> Phishing Mooney
SUBJECT: <Ultimo promemoria #28472569!> (Last reminder #28472569!)
We analyze below a phishing attempt pretending to be a communication from Mooney, a well-known Italian Proximity Banking & Payments company.
The message informs the recipient about a problem with the phone number linked to his or her account, because it may not have been used for a long time, and so it is necessary to update the information.
The user is then invited to use the following link:
Verifica il mio account (Verify my account)
Clearly, the well-known Italian online payment company Mooney, is unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.
Although the cyber crook used graphics similar to or stolen from Mooney's, and took care to include the real company's data so as to fool an unwary user, we should always exercise caution before clicking on suspicious links.
In fact, when we analyze the message, we immediately notice that the sender's e-mail address cannot be traced back to Mooney's official domain. Another anomalous fact is the request to update account data through a link sent by e-mail.
Anyone who unluckily clicks on the Verifica il mio account (Verify my account) link, will be redirected to an anomalous WEB page unrelated to Mooney's official site.
On this page, the user is prompted to log in to their restricted area by entering their account login and password.
Although the site may be misleading because of its
Mooney-like graphics, the url address on the browser bar is anomalous and not traceable to the official domain of the company.
Therefore, we urge you to always pay close attention, even to the smallest details, and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks.
October 14, 2024 ==> Phishing Account Posta Elettronica (Phishing Email Account)
SUBJECT: <NOTICE: Action Required>
We analyze below a new phishing attempt that aims to steal e-mail account login credentials.
The message, in English, informs the recipient that the storage space in his/her e-mail account is almost full. It then invites him/her to free up space to continue using his/her inbox and to receive new incoming messages, by clicking on the following link:
Reset storage
When we analyze the email we see that the message comes from an email address <no-reply(at)gsmedi(dot)com> not traceable to the domain where the email account is hosted. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the Reset storage link will be presented with the screen shown in the side image.
As we can see wee are redirected to a site that graphically simulates the Webmail login page, and where we are prompted to enter login information. However, the page is hosted on an anomalous address/domain.
Given these considerations, we recommend that you NEVER enter your credentials on sites with unknown origin, as they will be sent to a remote server and used by cyber crooks with all the associated, easily imaginable, risks.
October 14, 2024 ==> Phishing ESSELUNGA
SUBJECT:
<Hai vinto un Set di Tupperware da 36 pezzi> (You won a 36-piece Tupperware set)
Below we analyze the following scam attempt, hidden behind a false communication from the well-known large distribution company
Esselunga.
It is a promotional message that seems to propose an unmissable opportunity.
The lucky user has been selected to participate in the current promotion through a survey that will allow him/her to win a prize: a
36-piece Tupperware Modular Mates set...or so it seems.
Certainly behind this phishing there is a real decoy for many inexperienced users.
Clearly
Esselunga is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient. So keep an eye out. All it takes to avoid unpleasant incidents, is a little attention and a quick glance.
When we analyze the email, we notice that the message comes from an email address <
ticket[at]ticket[dot]com> not traceable to the official domain of
Esselunga. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of
Esselunga) does not seem trustworthy at all.
In fact, the survey to obtain the prize, is hosted on the following anomalous address/domain:
"https[:]//[NomeDominioFake*]...''
which has no connection with
Esselunga.
Cyber criminals masterminding the scam, try to induce the user to quickly finish the survey, by making him believe that only few people can win, and the offer expires in the day. There is also a countdown timer at the bottom of the screen, which however, if stopped - as we simulated - will start over immediately. This is a rather strange thing.
Cliccando su
INIZIA IL SONDAGGIO (START THE SURVEY), we are taken to the next screens, where we are asked to answer 10 questions.
Here specifically is question 1/10. These are, in fact, all very general questions focusing on the degree of satisfaction with the services offered by
Esselunga and the daily habits of consumers. We see that the countdown timer is also present here to prompt the user to quickly finish the process for the award.
At the end of the survey, we can finally claim our prize:a 36 Piece Tupperware Modular Set which is worth Euro 399,99 but costs us zero. We only have to pay shipping costs, which are supposed to be small.
But let's hurry.. There seems to be only 2 left in stock...
''Congratulazioni! Abbiamo riservato (1) 36 Piece Tupperware da 36 pezzi esclusivamente per te.''
(Congratulations! We have reserved (1) 36 Piece Tupperware Modular Set exclusively for you.)
Here we go: in fact, all we need to do is enter our shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered ....
To make the scam more trustworthy, several comments have been reported from customers who seem to have already participated in the survey. These are all reassuring testimonials/feedback about the actual delivery of the winnings and thus on the reliability of the message.
Surely if so many users were lucky why not try your luck?!
Then, if we click on
Continua (Continue), we will be directed to another page to enter our shipping address and pay shipping costs.
As we can see from the side image, the purpose of the cyber criminals is to induce the victim to enter his/her data needed to ship the prize. Then credit card information will very probably be requested to pay shipping costs.
The page you are redirected to, in order to enter your personal information, is hosted on a new abnormal address/domain:
"https[:]//[NomeDominioFake*]...''
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and avoid clicking on suspicious links whose links may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is delivered to cyber crooks, who can use it at will.
October 12, 2024 ==> Phishing Aruba - Аvvіѕо Рrоѕѕіmо Rіnnоvо (Upcoming Renewal Notice)
SUBJECT: <
Avvіѕо Рrоѕѕіmо Rіnnоvо>
(upcoming renewal notice)
Once again this month we find phishing attempts pretending to be communications from the Aruba brand.
The message informs the recipient that an error has occurred during the automatic renewal of the services connected to his/her mailbox hosted on Aruba. It therefore invites him/her to update the banking information by filling in the payment form linked to his/her account, through the following link:
Aggiorna ora (Update now)
Clearly, the well-known web hosting, e-mail and domain registration services company,
Aruba, is uninvolved in the mass sending of these e-mails, which are real scams whose objective remains, as always, to steal sensitive data of the unsuspecting recipient.
When we analyse the e-mail, we immediately see that the alert message comes from an address <
medzihradsky(at)camposat(dot)emktlw-09(dot)com> clearly not from the official domain of
Aruba. Therefore it is crucial to be very careful before clicking on suspicious links.
Anyone who unluckily clicks on the Aggiorna ora (Update now) link, will be redirected to a page unrelated to the official site, but which has already been flagged as a DECEPTIVE WEBSITE/PAGE.
Although haste and the fear of the e-mail account suspension may prompt the user to conclude the transaction quickly, we always urge you to pay the utmost attention to every detail, even trivial ones.
By entering data on counterfeit websites, it will be delivered to the cyber criminals behind the scam, who will use it for illegal purposes.
October 8, 2024 ==> Phishing Nexi
SUBJECT: <
Importante: Attivare il nuovo sistema di sicurezza> (
Important: Activate the new security system)
This new phishing attempt pretends to be a communication from
Nexi, a well-known digital payment services company.
The message informs the recipient to activate, by
October 11, a new security system that provides greater security and reliability. After this date it will no longer be possible to carry out transactions with the
Nexi card.
To activate the service, the user only needs to click the following link:
Clicca qui (Click here)
Clearly the well-known company, is unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.
Although the presence of Nexi's logo may be misleading, there are some suspicious clues. First, the e-mail is generic and does not provide any identifying information about the client or the linked account. In addition, in order to update the service, the user is asked to enter his/her account credentials using a link provided by e-mail. Moreover, a short deadline for action is given. This prompts the user to act quickly and without thinking, frightened by the fear of service interruption.
Anyone who unluckily clicks on the
Clicca qui (Click here), will be redirected to an anomalous WEB page, which is unrelated to the nexi's official website, but which has already been reported as a DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals who want to get hold of your most valuable data, in order to use them for illegal purposes.
.
We always urge you to pay attention to even the smallest details and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as it will be sent to a remote server and used by cyber crooks.
October 8 - 14, 2024==> Phishing TELEPASS
Below we analyse the following scam attempts concealed behind false communications by TELEPASS, a well-known Italian urban and suburban mobility service provider.
Here we present two examples, graphically and textually different, but with the same objective of boasting an unmissable opportunity. The lucky user has been selected as the winner of a fantastic prize, a new "CAR EMERGENCY KIT", which can be claimed by participating in a lottery through a short survey... or so it seems.
Example No. 1
OGGETTO: <Abbiamo una sorpresa per i clienti Telepass>
SUBJECT:(We have a surprise for Telepass customers)
Example No. 2
OGGETTO: <Sicurezza stradale semplificata: acquista il kit di emergenza per auto essenziale !#6IoJGw>
SUBJECT: (Road safety made easy: buy the essential car emergency kit #6IoJGw)
Certainly this phishing is a real decoy for many inexperienced users.
Clearly the well-known company
TELEPASS is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep an eye out. All it takes to avoid unpleasant incidents, is a little attention and a quick glance.
When we analyse the e-mail, we notice that both messages come from an e-mail address ( <id33292515it[at]baby2[dot]eu> and <Telepass-atc[at]bestoffersprom[dot]click>) that clearly cannot be traced back to the official domain of TELEPASS. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of
TELEPASS) does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous address/domain:
https[:]//[NomeDominioFake*]...
which has no connection with
TELEPASS.
Cyber criminals masterminding the scam, try to induce the user to quickly finish the survey, by making him/her believe that only few people can win, and the offer expires in the day. There is also a countdown timer at the bottom of the screen, which however, if stopped - as we simulated - will start over immediately. This is a rather strange thing.
When we click on
LO VOGLIO (I WANT IT), we are taken to the next screens, where we are asked to answer 8 questions.
Here is specifically question 1/8. These are very general questions focused on the degree of satisfaction with the services offered by
TELEPASS and about the company's marketing/promotional choices. Here, too, there is a countdown to prompt the user to quickly finish the process for the award.
At the end of the survey we can finally claim our prize: Car emergency kit that would be worth 99,95 Euros but costs us 0 Euros. We only have to pay the shipping cost of 2 Euro.
But let's hurry. There seem to be only 2 left in stock..
To give more credibility, many comments from customers who supposedly participated in the survey, have been reported. These are all confirming testimonials/feedback about the actual delivery of the winnings, ensuring that it is not really a scam.
Surely if so many users were lucky why not try your luck?!
Here we go: by clicking on
RICHIEDI ORA (REQUEST NOW), we are in fact redirected to a new screen where we just need to enter our shipping address and pay the shipping cost and in 5-7 business days the prize will be delivered.
Then, when we click on
Continua (Continue), we are sent to a further page to enter our shipping address and pay shipping costs.
As we can see from the image on the side, the cybercriminals try to trick the victim into entering his/her data to ship the prize. Most likely, credit card information will also be requested later for the payment of shipping costs.
Although the landing page is graphically well designed and contains a detailed description of the prize up for grabs, it is hosted on an anomalous new address/domain:
https[:]//[NomeDominioFake*][.]...
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and avoid clicking on suspicious links whose links may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is delivered to cyber crooks, who can use it at will.
October 7, 2024 ==> Phishing Decathlon
SUBJECT:
<Preparati a tutto con il kit di sopravvivenza da 170 pezzi !#wjAdT> (Get ready for anything with the 170-piece survival kit! #wjAdT)
Below we analyze the following scam attempt behind a false communication from the well-known company
Decathlon.
It is a promotional message that seems to propose an unmissable opportunity. The lucky user has been selected to participate in a loyalty program through a short survey, that gives a chance to win a prize:
170 PCS SURVIVAL KIT...or so it seems.
Certainly this phishing is a real decoy for many inexperienced users.
Clearly the well-known company
Decathlon is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep an eye out. All it takes to avoid unpleasant incidents, is a little attention and a quick glance.
When we analyze the email, we notice that the message comes from an email address <
ps63fwd[at]olispin[dot]it> clearly not traceable to the official domain of
Decathlon. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of Decathlon) is however hosted on an anomalous address/domain:
https[:]//[NomeDominioFake*]...
which has no connection with Decathlon.
Cyber criminals masterminding the scam, try to induce the user to quickly finish the survey, by making him/her believe that only few people can win, and the gifts are running out.
There is also a countdown timer at the bottom of the screen, which however, if stopped - as we simulated - will start over immediately. This is a rather strange thing.
When we click on
LO VOGLIO (I WANT IT), we are taken to the next screens, where we are asked to answer 8 questions.
Here specifically is question 1/8. These are, in fact, all very general questions focused on the degree of satisfaction with the services offered by DECATHLON and the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the process for the award.
At the end of the survey we can finally claim our prize: a
Car emergency kit that would be worth 89,99 Euros but costs us 0 Euros. We only have to pay shipping costs, which are supposed to be small.
But let's hurry.. There seems to be only (1) left in stock..
To give more credibility, many comments from customers who supposedly participated in the survey, have been reported. These are all confirming testimonials/feedback about the actual delivery of the winnings, ensuring that it is not really a scam.....
Surely if so many users were lucky why not try your luck?!
''Congratulazioni! Abbiamo riservato (1)170 PCS Survival Kit esclusivamente per te.''
(Congratulations!!! We have reserved (1)170 PCS Survival Kit exclusively for you).
Here we go: in fact, all we need to do is to enter your shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered.... .
Anyone who unluckily clicks on the
Continua (Continue) link, will be redirected to an anomalous WEB page,which has already been reported as a DECEPTIVE WEBSITE/PAGE. This page will ask the user’s address for shipping and payment of shipping costs.
Usually the data entry form is designed in a graphically misleading way and hosted on an anomalous domain. Here you will be asked to enter your credit card data to complete the payment.
Indeed, the purpose of cyber criminals remains exactly to steal user data, in this case credit card data!
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and avoid clicking on suspicious links whose links may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is delivered to cyber crooks, who can use it at will.
October 5, 2024 ==> Phishing Aruba - Rischi di perdere il tuo nome di dominio! (You risk losing your domain name!)
SUBJECT:
<Rischi di perdere il tuo nome di dominio! (You risk losing your domain name!)
Phishing attempts pretending to be communications from
Aruba continue this month.
The message informs the recipient that his/her domain hosted on
Aruba is expiring on 5/10/2024. To proceed, he/she must click on one of the proposed links:
RINNOVA CON UN CLIC (RENEW WITH A CLICK)
ATTIVA RINNOVO AUTOMATICO (ENABLE AUTOMATIC RENEWAL)
and follow the instructions.
Clearly, the well-known web hosting, e-mail and domain registration services company,
Aruba is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
When we analyze the message, we notice right away that the sender's e-mail address <
usan11[at]mail[dot]c-5[dot]ne[dot]jp> is not from
Aruba's official domain.
Anyone who unluckily clicks on either of the links provided will be redirected to the page displayed
On this page, the user is prompted to log in to his or her client area with his or her login and password in order to then renew the domain and avoid the block of services connected to it.
Although the site may be misleading because of the presence of the well-known
Aruba logo, the url address on the broswer bar is anomalous and not traceable to the official domain:
https[:]//[NomeDominioFake*].com.br...
If we enter our data into counterfeit websites, in fact, they will be delivered to the cyber-criminals behind the scam, who will use it for criminal purposes. Therefore, we urge you not to be in a hurry and remind you that, in such attempts at cyber fraud, it is necessary to pay attention to every detail, even trivial ones.
A little bit of attention and glance can save a lot of hassles and headaches...
We urge you NOT to be fooled by these types of e-mails, which, even though they use familiar and not particularly sophisticated approach techniques, if there is a resurgence, with reasonable likelihood more than a few unfortunates will be fooled.
We invite you to check the following information on phishing techniques for more details:
04/09/2024 09:28
- Phishing: the most common credential and/or data theft attempts in September 2024
06/08/2024 14:50 - Phishing: most popular credential and/or data theft attempts in August 2024...
04/07/2024 17:22 - Phishing: the most common credential and/or data theft attempts in July 2024.
03/06/2024 17:22 - Phishing: the most common credential and/or data theft attempts in June 2024..
03/05/2024 11:56 - Phishing: the most common credential and/or data theft attempts in May 2024..
03/04/2024 10:23 - Phishing: the most common credential and/or data theft attempts in April 2024...
04/03/2024 10:42 - Phishing: the most common credential and/or data theft attempts in March 2024..
06/02/2024 08:55 - Phishing: the most common credential and/or data theft attempts in February 2024...
02/01/2024 16:04 - Phishing: the most common credential and/or data theft attempts in January 2024....
11/12/2023 09:39 - Phishing: the most common credential and/or data theft attempts in December 2023...
03/11/2023 08:58 - Phishing: the most common credential and/or data theft attempts in November 2023....
03/10/2023 16:35 - Phishing: the most common credential and/or data theft attempts in October 2023....
05/09/2023 10:35 - Phishing: the most common credential and/or data theft attempts in September 2023....
01/08/2023 17:33 - Phishing: the most common credential and/or data theft attempts in August 2023..
Try Vir.IT eXplorer Lite
If you are not yet using Vir.IT eXplorer PRO, it is advisable to install Vir.IT eXplorer Lite -FREE Edition- to supplement the antivirus in use to increase the security of your computers, PCs and SERVERS.
Vir.IT eXplorer Lite has the following special features:
- freely usable in both private and corporate environments with Engine+Signature updates without time limitation;
- fully interoperable with other AntiVirus software and/or Internet Security products (both free and commercial) already installed on your computer. It doesn't need any uninstallation and it doesn't cause slowdowns, as some features have been appropriately reduced to ensure interoperability with the AntiVirus software already on your PC/Server. This, however, allows cross-checking through the scan;
- it identifies and, in many cases, even removes most of the viruses/malware actually circulating or, alternatively, allows them to be sent to the C.R.A.M. Anti-Malware Research Center for further analysis to update Vir.It eXplorer PRO;
- through Intrusion Detection technology, also made available in the Lite version of Vir.IT eXplorer, the software is able to report any new-generation viruses/malware that have set in automatically and send the reported files to TG Soft's C.R.A.M
- Download Vir.IT eXplorer Lite from the official distribution page of TG Soft's website.
VirIT Mobile Security AntiMalware ITALIAN for ALL AndroidTM Devices
VirIT Mobile Security Italian Anti-Malware software that protects Android™ smartphones and tablets, from Malware intrusions and other unwanted threats, and empowers the user to safeguard their privacy with an advanced heuristic approach (Permission Analyzer).
TG Soft makes VirIT Mobile Security available for free by accessing the Google Play Store market (https://play.google.com/store/apps/details?id=it.tgsoft.virit) from which you can download the Lite version, which can be freely used in both private and corporate settings.
You can upgrade to the PRO version by purchasing it directly from our website=> click here to order
Acknowledgements
TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and all people who have transmitted/reported material attributable to Phishing activities to our Research Center, that allowed us to make this information as complete as possible.
How to submit suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware
You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
- any suspect email can be sent directly by the recipient's e-mail, to the following mail lite@virit.com,choosing as sending mode "Forward as Attachment" and inserting in the subject section "Possible phishing page to verify" rather than "Possible Malware to verify";
- save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as an external file to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously if you want a feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possiible / probable phishing; possible / probable malware or other).
For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page: How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.
TG Soft's C.R.A.M. (Anti-Malware Research Center)