06/11/2024
14:33

Phishing: the most common credential and/or data theft attempts in NOVEMBER 2024


Find out which are the most common phishing attempts you might encounter and should avoid.

PHISHING INDEX

Below are the most common email phishing attempts detected by TG Soft's Anti-Malware Research Center in November 2024:

29/11/2024 => Mooney
26/11/2024 => Docusign
20/11/2024 => Ferrino - Vincita inattesa (Unexpected win)
14/11/2024 => Tigotà
12/11/2024 => ACI
11/11/2024 => Aruba - verifica dell'utente (User verification)
11/11/2024 => Leroy Merlin
10/11/2024 => Decathlon


These emails are intended to trick some unfortunate person into providing sensitive data - such as bank account information, credit card codes or personal login credentials - with all the possible, easily imaginable, consequences.


November 29, 2024 ==> Phishing Mooney

SUBJECT: <Verifica dell'account> (Account verification)

We analyze below a phishing attempt pretending to be a communication from Mooney, a well-known Italian Proximity Banking & Payments company.

The message informs the recipient that, for security reasons, it is necessary to confirm his or her personal information. Therefore he/she has to confirm or update his/her data within the next 2 days.

The user is then invited to use the following link:

Conferma della vostra identità (Confirmation of your identity)

Clearly, the well-known Italian online payment company Mooney is unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.

Although the cyber scammer used graphics similar to or stolen from Mooney's, and had the foresight to enter the real company's data so as to fool an unwary user, we should always exercise caution before clicking on suspicious links.
In fact, when we analyze the message, we see that the sender's e-mail address cannot be traced back to Mooney's official domain. Another abnormal feature is the request to update the data by entering the account credentials through a link provided by e-mail.

Anyone who unluckily clicks on the Conferma della vostra identità (Confirmation of your identity) link, will be redirected to an anomalous WEB page unrelated to Mooney's official website.

On this page the user is asked to log in to his or her restricted area by entering his or her account login and password.

Although the site may be misleading because of the graphics similar to Mooney's, the URL is anomalous and not traceable to the official domain of the company.

Therefore, we urge you to always pay close attention, even to the smallest details, and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber crooks.


November 26, 2024 ==> Phishing Docusign

SUBJECT: <Review Document : Kindly Sign : filename PaymentInstructions-EFT  - 11/26/2024 4:42:23 p.m. Contact ->

We analyze below a new phishing attempt aimed at stealing the account login credentials of Docusign, the American software company that provides electronic signature products.

The message, in English, asks the recipient to access his/her account to digitally sign a new document. It then invites him/her to download the document for viewing and signing through the following link:

View in DocuSign

When we analyze the email we notice that the message comes from an email address <dse_NA2(at)docusign(dot)net> that could be misleading but is not from the domain of Docusign. This is definitely anomalous and should, at the very least, make us suspicious.

Anyone who unluckily clicks on the View in DocuSign link will be presented with the screen shown in the side image.
As we can see we are redirected to a site unrelated to Docusign, but which graphically simulates the Microsoft account login page. This is definitely anomalous.

Based on these considerations, we point out that you should NEVER enter your credentials on sites whose origin you do not know, as they will be sent to a remote server and used by cyber crooks with all the associated, easily imaginable, risks.




November 20, 2024 ==> Phishing Ferrino - Vincita inattesa (Unexpected win)

SUBJECT: <A gi sc i o ra: P o sti li mit a t i pe r u n ri sp ar m io e s c l u s i vo !⁣> (A c t n o w: Li m it ed p lac es fo r e x clu si ve sa vin gs)

Below we analyze the following scam attempt, hidden behind a false communication from FERRINO, an Italian mountain equipment and clothing company.

It is a promotional message that seems to offer an unmissable opportunity. The lucky user has been selected to participate in a loyalty program, through a survey that will allow him/her to win a prize: Outdoor adventure package - 12-piece set...or so it seems.
Certainly this phishing is a real decoy for many inexperienced users.
Clearly FERRINO is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.

So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.

When we analyze the email, we notice that the message comes from an email address <info[at]bbc[dot]co[dot]uk> not traceable to the official domain of FERRINO. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
 
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of FERRINO) does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous address/domain:

[FakeDomainName*]...

*FakeDomainName is a domain that simulates a known brand domain or is a randomly named domain.

which has no connection with FERRINO.
The cyber criminals behind the scam try to induce the user to finish the survey quickly by making him/her believe that only a few people can win and that the offer expires within the day. There is also a countdown timer at the bottom of the screen which, if stopped (as we simulated), starts over immediately. This is rather strange.

When we click on INIZIA IL SONDAGGIO (START THE SURVEY), we are taken to the next screens, where we are asked to answer 8 questions.

Here is specifically question 1/8. These questions are very general, focused on the degree of satisfaction with the services offered by FERRINO, and on the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the process for the award.
When the survey is over we can finally claim our prize: Outdoor adventure package - 12-piece set that would be worth 499,22 Euros but costs us 0.
We only have to pay shipping costs, which are supposed to be small.
But let's hurry. There seem to be only 2 left in stock.

Here we go: in fact, all you need to do is to enter your shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered.

To add credibility, the page shows many comments from customers who supposedly participated in the survey. These are all testimonials/feedback confirming the actual delivery of the winnings and reassuring the reader that it is not really a scam...
Surely, if so many users were lucky, why not try your luck?
Then, when we click on Continua (Continue), we are sent to a further page to enter our shipping address and pay shipping costs.
As we can see from the side image, the purpose of the cyber criminals is to induce the victim to enter his/her sensitive data. To complete the purchase, the user will therefore be asked to enter his/her credit card data to pay the shipping costs, however modest.
The page where the victim is redirected, to enter his/her personal data, is hosted on an abnormal address/domain, which we report below:

[FakeDomainName*]

To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In this way your most valuable data is stolen by cyber crooks, who can use it at will.



November 14, 2024 ==> Phishing Tigotà

SUBJECT:  <Offerta esclusiva: Kit Medicare gratuito per te!> (Exclusive offer: free Medicare kit for you)

Below we analyze the following scam attempt, hidden behind a false communication from the well-known cosmetics and home care company TIGOTA'.


It is a promotional message that, using images, tries to catch the user's interest to offer him/her an unmissable opportunity. The lucky user has in fact been selected to participate in a free loyalty program, through a survey that will allow him to win a prize: a MEDICARE KIT ...or at least so it seems.
Certainly this phishing is a real decoy for many inexperienced users.

Clearly TIGOTA' is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.

So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.

When we analyze the email, we notice that the message comes from an email address <nancy_sulik_j97585[at]saat[dot]bdwikileaks[dot]com> not traceable to the official domain of TIGOTA'. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
 
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of TIGOTA') does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous address/domain:

[FakeDomainName*]...

*FakeDomainName is a domain that simulates a known brand domain or is a randomly named domain.

which has no connection with TIGOTA'.
The cyber criminals behind the scam try to induce the user to finish the survey quickly by making him believe that only a few people can win and that the offer expires within the day. There is also a countdown timer at the bottom of the screen which, if stopped (as we simulated), starts over immediately. This is rather strange.

When we click on INIZIA IL SONDAGGIO (START THE SURVEY), we are taken to the next screens, where we are asked to answer 8 questions.

Here is specifically question 1/8. These are very general questions focused on the degree of satisfaction with the services offered by TIGOTA', and on the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the process for the award.
When the survey is over we can finally claim our prize: a MEDICARE KIT that would be worth 129,99 Euros but costs us 0.
We only have to pay shipping costs, which are supposed to be small.
But let's hurry. There seem to be only 2 left in stock.

Here we go: in fact, all you need to do is to enter your shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered.
To add credibility, the page shows many comments from customers who supposedly participated in the survey. These are all testimonials/feedback confirming the actual delivery of the winnings and reassuring the reader that it is not really a scam...
Surely, if so many users were lucky, why not try your luck?
Then, when we click on Continua (Continue), we are sent to a further page to enter our shipping address and pay shipping costs.
As we can see from the side image, the purpose of the cyber criminals is to induce the victim to enter his/her sensitive data to ship the prize.
The page requesting the user's personal data, is hosted on a new abnormal address/domain:

[FakeDomainName*]

To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In this way your most valuable data is stolen by cyber crooks, who can use it at will.



November 12, 2024 ==> Phishing ACI

SUBJECT:  < S i p r e g a d i co n f e r ma r e la ri ce v u ta > (P l e a s e c o n f i r m r e c e i p t)

Below we analyze the following new scam attempt, hidden behind a false communication from ACI (The Automobile Club of Italy).

It is a promotional message that seems to propose an unmissable opportunity. The lucky user has been selected by ACI to participate in a survey offering a prize: an emergency car kit...or so it seems.
Certainly this phishing is a real decoy for many inexperienced users.

Clearly ACI is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient. So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.

When we analyze the email, we notice that the message comes from an email address <ticket[at]ticket[dot]com> not traceable to the official domain of ACI. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:

 
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of ACI), does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous address/domain:

"https[:]//[FakeDomainName*]...''

which has no connection with ACI.
The cyber criminals behind the scam try to induce the user to finish the survey quickly by making him/her believe that only a few people can win and that the gifts are running out. There is also a countdown timer at the bottom of the screen which, if stopped (as we simulated), starts over immediately. This is rather strange.

When we click on INIZIA IL SONDAGGIO (START THE SURVEY), we are taken to the next screens, where we are asked to answer 8 questions.

Here is specifically question 1/8. These are very general questions focused on the degree of satisfaction with the services offered by ACI and on the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the procedure for the award.
When the survey is over, we can finally claim our prize: an emergency car kit that would be worth 99.95 Euros but costs us 0. We only have to pay the shipping costs, which we assume are small.
But let's hurry: there seem to be only 2 left in stock.

''Congratulazioni! Abbiamo riservato (1) kit di emergenza per auto esclusivamente per te.''
(Congratulations! We have reserved (1) emergency car kit exclusively for you.)


Here we go: in fact, all you need to do is to enter your shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered.
To add credibility, the page shows many comments from customers who supposedly participated in the survey. These are all testimonials/feedback confirming the actual delivery of the winnings and reassuring the reader that it is not really a scam...
Surely, if so many users were lucky, why not try your luck?
Then, when we click on Continua (Continue), we are redirected to a further page to enter our shipping address and pay shipping costs.
The page hosting the data entry form, however, has already been reported as a DECEPTIVE WEBSITE/PAGE. Since the purpose of the cyber criminals is to induce the victim to enter his/her sensitive data, we expect a request to enter credit card information for the shipping charges, however modest.
The page shown for the entry of our personal data is hosted on a different but still suspicious address/domain:

"https[:]//[FakeDomainName*]...''

To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is placed in the hands of cyber crooks, who can use it at will.

November 11, 2024 ==> Phishing Aruba - Verifica dell'utente (User verification)

SUBJECT:  <Verifica della proprietà_(*****) 11/11/2024 7:39:04 a.m.> (Property verification _(*****) 11/11/2024 7:39:04 a.m.)

We find below another phishing attempt that pretends to be a communication from the Aruba brand.

The message warns the recipient that checks are being carried out on active e-mail boxes on Aruba. The user is then asked to verify that the indicated mailbox is still active and belongs to him/her. If no response is received within 72 hours, the account will be deactivated. The following link is provided for verification:

  Verifica della proprietà  (Property verification)

Clearly, the well-known web hosting, e-mail and domain registration services company Aruba is uninvolved in the mass sending of these e-mails, which are real scams whose objective remains, as always, to steal sensitive data of the unsuspecting recipient.

When we analyse the text of the message, we immediately notice that the sender's e-mail address <noreply[at]arubq[dot]it> is not from Aruba's official domain.

Anyone who unluckily clicks on the link will be redirected to the displayed page.

On this page, the user is invited to access his/her customer area by entering his/her login and password, and confirm his/her data, to avoid the blocking of the account and related services.

Although the site may be misleading due to the well-known logo of Aruba, the url address in the browser bar is anomalous and not traceable to the company's official domain:

https[:]//[FakeDomainName*].com/vvxcvbsg/...

If you enter your data into counterfeit websites, it will be delivered to the cyber criminals behind the scam, who can use it for malicious purposes. Although haste and fear of mailbox suspension may push you to complete the task quickly, we always urge you to pay close attention to every detail, even trivial ones.
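
The checks this bulletin performs by eye, a sender domain one letter away from the brand's (<noreply[at]arubq[dot]it>), a sender domain unrelated to the brand (<info[at]bbc[dot]co[dot]uk>, <ticket[at]ticket[dot]com>) and letter-spaced subject lines, can be automated in a mail filter. The following Python is an added example, not TG Soft code; the brand-to-domain allowlist, the thresholds and the second sample subject are assumptions constructed for illustration.

```python
import unicodedata

# Assumption: allowlist of official sending domains per brand, maintained by
# the defender. Entries are illustrative and do not come from the bulletin.
OFFICIAL_DOMAINS = {
    "Aruba": {"aruba.it"},
    "Ferrino": {"ferrino.it"},
    "ACI": {"aci.it"},
}


def sender_domain(addr):
    """Parse the bulletin's defanged notation and return the sender domain."""
    for token, char in (("[at]", "@"), ("(at)", "@"),
                        ("[dot]", "."), ("(dot)", ".")):
        addr = addr.replace(token, char)
    return addr.strip("<> ").lower().rpartition("@")[2]


def edit_distance(a, b):
    """Levenshtein distance, computed with two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify_sender(brand, addr, max_distance=2):
    """Return 'official', 'lookalike' or 'unrelated' for the claimed brand."""
    domain = sender_domain(addr)
    officials = OFFICIAL_DOMAINS[brand]
    if any(domain == d or domain.endswith("." + d) for d in officials):
        return "official"
    # A near miss is built to survive a quick glance at the From line, so it
    # is reported separately. Very short official domains will produce false
    # positives at this threshold; tune max_distance per brand.
    if any(edit_distance(domain, d) <= max_distance for d in officials):
        return "lookalike"
    return "unrelated"


def strip_invisible(text):
    """Remove Unicode format characters (category Cf), such as U+2063."""
    return "".join(ch for ch in text if unicodedata.category(ch) != "Cf")


def looks_letter_spaced(subject, min_tokens=6, ratio=0.6):
    """Heuristic: most whitespace-separated tokens are 1-2 characters long."""
    tokens = strip_invisible(subject).split()
    short = sum(1 for t in tokens if len(t) <= 2)
    return len(tokens) >= min_tokens and short / len(tokens) >= ratio


def collapse_subject(subject):
    """Drop invisible characters and all whitespace, for keyword matching."""
    return "".join(strip_invisible(subject).split()).lower()


# Sender addresses as printed in the bulletin (defanged).
SAMPLES = [
    ("Aruba", "<noreply[at]arubq[dot]it>"),
    ("Ferrino", "<info[at]bbc[dot]co[dot]uk>"),
    ("ACI", "<ticket[at]ticket[dot]com>"),
]
# Subject of the ACI campaign as printed in the bulletin.
ACI_SUBJECT = "S i p r e g a d i co n f e r ma r e la ri ce v u ta"
# Constructed sample: U+2063 (invisible separator) inserted inside words.
HIDDEN_SUBJECT = "Hai\u2063 vin\u2063to un\u2063 pre\u2063mio"

if __name__ == "__main__":
    for brand, addr in SAMPLES:
        print(brand, sender_domain(addr), classify_sender(brand, addr))
    for subj in (ACI_SUBJECT, HIDDEN_SUBJECT, "Verifica dell'account"):
        print(looks_letter_spaced(subj), collapse_subject(subj))
```

A keyword rule that would miss the spaced-out subject matches once it runs on the output of `collapse_subject`.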

November 11, 2024 ==> Phishing Leroy Merlin

SUBJECT: <H⁣ a ⁣iv ⁣i ⁣nt ⁣o ⁣un⁣ C⁣ a ⁣rr⁣ el⁣ lo ⁣Po⁣ rt ⁣aut⁣ e⁣ ns ⁣ili D⁣ e⁣ W ⁣A⁣ LT⁣> (Y o u w o n a t o o l c a r t D⁣ e⁣ W ⁣A⁣ LT⁣)

Below we analyze the following scam attempt, hidden behind a false communication from Leroy Merlin, the well-known large distribution company.

This is a promotional message that seems to propose an unmissable opportunity. The lucky user has been selected to participate in a free loyalty program through a survey that will allow him or her to win a prize: a brand new Tool Trolley with drawer DeWALT… or so it seems.
Certainly this phishing is a real decoy for many inexperienced users.
Leroy Merlin is clearly uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient. So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.

When we analyze the email, we notice that the message comes from an email address <info[at]bbc[dot]co[dot]uk> not traceable to the official domain of Leroy Merlin. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link provided, here is what happens:
 
we are redirected to a landing page that, although graphically well designed (with misleading images and the authentic logo of Leroy Merlin) does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following anomalous address/domain:

[FakeDomainName*]...

*FakeDomainName is a domain that simulates a known brand domain or is a randomly named domain.

which has no connection with Leroy Merlin.
The cyber criminals behind the scam try to induce the user to finish the survey quickly by making him/her believe that only a few people can win and that the offer expires within the day. There is also a countdown timer at the bottom of the screen which, if stopped (as we simulated), starts over immediately. This is rather strange.

When we click on INIZIA IL SONDAGGIO (START THE SURVEY), we are taken to the next screens, where we are asked to answer 8 questions.

Here is specifically question 1/8. These are very general questions focused on the degree of satisfaction with the services offered by Leroy Merlin and on the daily habits of consumers. Here, too, there is a countdown to prompt the user to quickly finish the process for the award.
When the survey is over we can finally claim our prize: a brand new Tool Trolley with drawer DeWALT that would be worth 669,00 Euros but costs us 0. We only have to pay shipping costs, which are supposed to be small.
But let's hurry. There seem to be only 2 left in stock.

Here we go: in fact, all you need to do is to enter your shipping address and pay the shipping cost, and in 5-7 business days the prize will be delivered.

To add credibility, the page shows many comments from customers who supposedly participated in the survey. These are all testimonials/feedback confirming the actual delivery of the winnings and reassuring the reader that it is not a scam.
Surely, if so many users were lucky, why not try your luck?
Then, when we click on Continua (Continue), we are redirected to a further page to enter our shipping address and pay shipping costs.
As we can see from the image on the side, the cybercriminals try to trick the victim into entering his/her personal data to ship the prize. Most likely, credit card information will also be requested later for the payment of shipping costs.
The page where we are redirected, to enter our personal data, is hosted on a new abnormal address/domain, which we report below:

[FakeDomainName*]

To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data can be stolen by cyber crooks, who can use it at will.



November 10, 2024 ==> Phishing Decathlon

Below we analyze the following scam attempt, hidden behind a false communication from the well-known company Decathlon, which spreads massively through social networks.
These "unmissable promotions" are now very common. The following is an example from the month of November, which touts an unmissable opportunity.
''...Chiunque può ottenere uno zaino The North Face Borealis Classic al prezzo speciale di €2!
Tutto quello che devi fare è andare sul sito [NomeDominioFake*].site e rispondere a qualche semplice domanda…''
(...Anyone can get a The North Face Borealis Classic backpack for the special price of €2!
All you have to do is go to [FakeDomainName*].site and answer a few simple questions...)

The first step to obtain a gorgeous The North Face Borealis Classic backpack seems to be participating in a quick and easy survey, answering only 3 questions...or at least so it seems.
Certainly this phishing is a real decoy for many inexperienced users.
Clearly the well-known company Decathlon is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.
To add credibility, the page shows many comments from customers who supposedly participated in the survey. These are all testimonials/feedback confirming the actual delivery of the winnings and reassuring the reader that it is not a scam.
Surely, if so many users were lucky, why not try your luck?
We then try clicking on the link, and this is what happens:

we are redirected to a landing page that, although graphically well done, with misleading images, does not seem trustworthy at all.
In fact, the survey to obtain the prize is hosted on the following abnormal address/domain:

[FakeDomainName*].site

*FakeDomainName is a domain that simulates a known brand domain or is a randomly named domain.

which has no connection with Decathlon.

The cyber criminals behind the scam try to induce the user to finish the survey quickly by making him/her believe that only a few people can win and that the gifts are running out.

After answering the 3 generic survey questions, we are presented with a simple little game to try our luck:
we have 3 attempts to find the prize inside some gift packages.

We are really lucky.
After 2 attempts we made it: we managed to get the award.
But it is not over yet.
As highlighted in the picture, the winnings are conditional on paying 2 Euros, although the shipping costs seem to be zero.
The goal of cybercriminals is to trick the victim into entering his/her sensitive credit card data. These are in fact necessary to pay the required 2 euros.
The page requesting the user's personal information is hosted on a different address/domain from the previous one, but still suspicious:

[FakeDomainName*].com

To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links, which may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is delivered to cyber crooks, who can use it at will.


 

A little attention and a quick glance can save a lot of hassle and headaches...

We urge you NOT to be fooled by these types of e-mails: even though they use familiar and not particularly sophisticated techniques, if there is a resurgence it is reasonably likely that more than a few unfortunate users will be fooled.
 
We invite you to check the following information on phishing techniques for more details:


06/11/2024 14:33 - Phishing: the most common credential and/or data theft attempts in October 2024
04/09/2024 09:28 - Phishing: the most common credential and/or data theft attempts in September 2024
06/08/2024 14:50 - Phishing: most popular credential and/or data theft attempts in August 2024
04/07/2024 17:22 - Phishing: the most common credential and/or data theft attempts in July 2024
03/06/2024 17:22 - Phishing: the most common credential and/or data theft attempts in June 2024
03/05/2024 11:56 - Phishing: the most common credential and/or data theft attempts in May 2024
03/04/2024 10:23 - Phishing: the most common credential and/or data theft attempts in April 2024
04/03/2024 10:42 - Phishing: the most common credential and/or data theft attempts in March 2024
06/02/2024 08:55 - Phishing: the most common credential and/or data theft attempts in February 2024
02/01/2024 16:04 - Phishing: the most common credential and/or data theft attempts in January 2024
11/12/2023 09:39 - Phishing: the most common credential and/or data theft attempts in December 2023
03/11/2023 08:58 - Phishing: the most common credential and/or data theft attempts in November 2023
03/10/2023 16:35 - Phishing: the most common credential and/or data theft attempts in October 2023
05/09/2023 10:35 - Phishing: the most common credential and/or data theft attempts in September 2023


Try Vir.IT eXplorer Lite

If you are not yet using Vir.IT eXplorer PRO, it is advisable to install Vir.IT eXplorer Lite -FREE Edition- alongside the antivirus already in use, to increase the security of your computers, PCs and SERVERS.

Vir.IT eXplorer Lite has the following special features:
  • freely usable in both private and corporate environments with Engine+Signature updates without time limitation;
  • fully interoperable with other AntiVirus software and/or Internet Security products (both free and commercial) already installed on your computer. It doesn't need any uninstallation and it doesn't cause slowdowns, as some features have been appropriately reduced to ensure interoperability with the AntiVirus software already on your PC/Server. This, however, allows cross-checking through the scan;
  • it identifies and, in many cases, even removes most of the viruses/malware actually circulating or, alternatively, allows them to be sent to the C.R.A.M. Anti-Malware Research Center for further analysis to update Vir.It eXplorer PRO;
  • through Intrusion Detection technology, also made available in the Lite version of Vir.IT eXplorer, the software is able to report any new-generation viruses/malware that have set themselves to run automatically and to send the reported files to TG Soft's C.R.A.M.;
  • Download Vir.IT eXplorer Lite from the official distribution page of TG Soft's website.
 

VirIT Mobile Security: ITALIAN AntiMalware for ALL Android™ Devices

VirIT Mobile Security is Italian Anti-Malware software that protects Android™ smartphones and tablets from malware intrusions and other unwanted threats, and empowers users to safeguard their privacy with an advanced heuristic approach (Permission Analyzer).

TG Soft makes VirIT Mobile Security available for free on the Google Play Store (https://play.google.com/store/apps/details?id=it.tgsoft.virit), from which you can download the Lite version, which can be freely used in both private and corporate settings.

You can upgrade to the PRO version by purchasing it directly from our website.



Acknowledgements

TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and everyone who transmitted/reported material attributable to phishing activities to our Research Center, which allowed us to make this information as complete as possible.



How to submit suspicious emails for analysis as possible phishing, but also as possible virus/malware or Crypto-Malware

You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
  1. any suspect email can be sent directly from the recipient's e-mail program to the address lite@virit.com, choosing "Forward as Attachment" as the sending mode and inserting in the subject line "Possible phishing page to verify" rather than "Possible Malware to verify";
  2. save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as a file external to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously, if you want feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possible / probable phishing; possible / probable malware or other).
For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page: How to send suspicious emails for analysis
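What "Forward as Attachment" in method 1 amounts to at the message level, as an added example (not TG Soft's code): the suspect e-mail travels as a message/rfc822 part, so the headers an analyst needs (Return-Path, Received) arrive unchanged. The sample message, the reporter address and the function names are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

CRAM_ADDRESS = "lite@virit.com"               # address given on this page
SUBJECT = "Possible phishing page to verify"  # subject given on this page

# Constructed sample of a suspicious e-mail saved as raw bytes (.eml);
# every address and host is a placeholder on a reserved example domain.
RAW_SUSPECT = b"\r\n".join([
    b"Return-Path: <bounce@mailer.example.net>",
    b"Received: from mailer.example.net (mailer.example.net [192.0.2.10])",
    b"\tby mx.example.org; Fri, 29 Nov 2024 09:12:00 +0100",
    b"From: Customer Service <service@brand.example>",
    b"To: user@example.org",
    b"Subject: Account verification",
    b"",
    b"Confirm your data within 2 days.",
    b"",
])


def build_submission(raw_eml: bytes, reporter: str) -> EmailMessage:
    """Wrap the untouched suspect message as a message/rfc822 attachment."""
    original = message_from_bytes(raw_eml, policy=policy.default)
    report = EmailMessage()
    report["From"] = reporter
    report["To"] = CRAM_ADDRESS
    report["Subject"] = SUBJECT
    report.set_content("Suspicious e-mail attached for analysis.")
    # Passing a message object makes add_attachment emit message/rfc822.
    report.add_attachment(original)
    return report


def attached_headers(wire_bytes: bytes) -> dict:
    """Analyst side: parse the report and read the original's headers."""
    received = message_from_bytes(wire_bytes, policy=policy.default)
    for part in received.iter_attachments():
        if part.get_content_type() == "message/rfc822":
            inner = part.get_content()  # the embedded original message
            return {name: str(value) for name, value in inner.items()}
    return {}
```

An inline forward would keep only what the mail client copies into the new body, so the embedded routing headers checked here would not reach the analyst.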
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.



TG Soft's C.R.A.M. (Anti-Malware Research Center)
Any information published on our site may be used and published on other websites, blogs, forums, Facebook and/or in any other form, both paper and electronic, as long as the source is always and in any case cited explicitly as “Source: CRAM by TG Soft www.tgsoft.it”, with a clickable link to the original information and/or web page from which textual content, ideas and/or images have been taken.
If information from C.R.A.M. by TG Soft www.tgsoft.it is used in summary articles, the following acknowledgment/thanks will be appreciated: “Thanks to Anti-Malware Research Center C.R.A.M. by TG Soft of which we point out the direct link to the original information: [direct clickable link]”

Vir.IT eXplorer PRO is certified by the biggest international organisation: