We analyze below the phishing attempt that aims to steal the account credentials of
The message, in English, informs the recipient that he/she has received 1 file and has up to 7 days to consult and download it, and afterwards it will be removed from the servers. It then invites him/her to log in to download the file, via the following link:
When we analyze the email, we immediately notice an inconsistency: in the subject line the available file is an invoice, while the body of the message gives the details of an alleged quote <
>. Furthermore, the email address <
. This is definitely anomalous and should, at the very least, make us suspicious.
link, will be sent to an abnormal, graphically well laid out web page where he or she is prompted to log in to his or her
account to download the file listed in the message. In this case an invoice is shown.
brand.
The message informs the recipient that the automatic payment for the renewal of his/her domain hosted on
, has failed. It then invites him/her to complete the renewal to avoid the permanent deletion of his/her account. To renew, it seems necessary to click on the following link:
Clearly, the well-known web hosting, e-mail and domain registration services company
is unrelated to the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
When we analyze the message, we notice right away that the sender's e-mail address <
Anyone who unluckily clicks on the link will be diverted to the displayed page.
On this page, the user is prompted to access his or her client area with login and password to renew his or her domain and thus avoid the account block.
Although the site may be misleading because of the presence of the well-known logo of
, we see that the browser's URL address is anomalous and not traceable to the company's official domain:
If you enter your data into counterfeit websites, it will be delivered to the cyber-criminals behind the scam, who will use it for criminal purposes. We therefore urge you not to rush and always pay attention to every detail, even trivial ones.
The message informs the recipient that his/her e-mail has expired on the date of the e-mail and has been deactivated. It is therefore no longer possible to send or receive messages until it is reactivated. The e-mail also warns the user that one day after the expiry date, all messages will be deleted.
The user is then invited to reactivate his account as soon as possible via the following link:
If we look closely at the message, there are some suspicious clues. First of all, the e-mail address <
, a highly anomalous fact. Another red flag is the request to enter the user's account credentials via a link provided by e-mail.
We analyze this month the following phishing attempt pretending to be a communication from
, the well-known payments system serving public administrations and utilities in Italy.
The message warns the recipient of a late payment for a traffic violation, including reference number <
> and the reason for the violation: <speeding>.
It then shows the amount of the unpaid fine, i.e.
. The recipient is subsequently invited to pay within 72 hours in order to avoid surcharges, otherwise the amount will be increased to €396.00, in addition to the deduction of 6 points from the driving licence. Finally, it provides the link for the payment:
Clearly, the well-known digital payment platform is uninvolved in the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.
If we analyse the message carefully, there are some suspicious clues. We immediately notice that its email address <
. This fact is definitely abnormal, and should make us suspicious.
link, will be directed to a web page which, as we can see from the image on the side, is graphically well designed and simulates the official site of
quite well.
We always urge you to pay attention to even the smallest details and not to enter your personal and/or credit card information on forms hosted on counterfeit web pages, as it will be sent to a remote server and used by cyber crooks.
We analyse below a new data theft attempt coming via a message allegedly from the well-known
courier.
The message, which we reproduce on the side, asks the recipient to reschedule a delivery, because a delivery attempt on June 21 was unsuccessful and an attempt on June 23 to contact the recipient by phone to reschedule it was also unsuccessful. To unblock the delivery, it seems necessary to confirm the shipment details and reschedule the delivery through the following link:
# Access delivery information verification
Two days are given to reschedule the delivery without paying the storage charge for the parcel in storage. Beyond that time, the storage fee will be Euro 1.27 for each day of storage.
The message, although supposedly from the GLS courier, is very poor and lacks any identifying information about the delivery. Only an ID is given (ID 50014201369) that is easily discredited by checking the tracking on the GLS official site.
We also observe how the email address it came from <support[at]allon4[dot]uk> cannot be traced back to the official domain of GLS. This fact is definitely anomalous and should, at the very least, make us suspicious.
Clearly GLS is unrelated to the mass mailing of these malicious campaigns, which are outright scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
Anyone who unluckily clicks on the # Access delivery information verification link will be directed to a web page that is supposed to simulate the official website of GLS, but which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for illegal purposes.
We always urge you to pay attention to even the smallest details and not to enter your personal and/or credit card information on forms hosted on counterfeit web pages, as it will be sent to a remote server and used by cyber crooks.
17 June 2025 ==> Phishing Mailbox
SUBJECT: <Mailbox Account Password Expiry Notice | JUNE 17, 2025>
The short message, in English, informs the recipient that his/her mailbox password will expire soon. It therefore invites him/her to update his/her password in order not to lose it, through the following link:
Keep Same Password
The well-known company is clearly unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.
If we analyze the message carefully, it contains some suspicious clues. First of all, the email address <sales[at]copely[dot].com> cannot be traced back to the official domain of Mailbox. This fact is definitely anomalous and should, at the very least, make us suspicious. It also seems strange that the user is asked to enter his/her credentials to update his/her account via a link provided via email.
Anyone who unluckily clicks on the Keep Same Password link will be directed to an anomalous web page which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for illegal purposes.
We always urge you to pay attention to even the smallest details and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber criminals.
15 June 2025 ==> Phishing GLS
SUBJECT: <Delivery Failure ID: 8877154996IX>
We analyse below a new data theft attempt coming via a message allegedly from the well-known GLS courier.

The message, which we quote on the side, refers to a parcel awaiting delivery. It informs the recipient that two unsuccessful delivery attempts have already been made, and that it is necessary to reschedule the delivery by tomorrow. In addition, a charge of EUR 1.27 per day will be made for each additional day of storage. The recipient is then invited to fill in the form directly from their website, via this link:
#Schedule a new delivery
The message, although allegedly from the GLS courier, is very poor and lacking in information to identify the delivery.
Clearly, GLS is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep your eyes open... all it takes is a little attention and a quick glance to avoid unpleasant incidents.
Anyone who unluckily clicks on the #Schedule a new delivery link will be directed to a webpage that should simulate the official site of GLS, but which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for illegal purposes.
We always urge you to pay attention to even the smallest details and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber criminals.
12 June 2025 ==> Phishing SumUp
SUBJECT: <I m p o r t a n t: S e c u r i t y u p d a t e f o r y o u r S u m U p a c c o u n t>
We find again this month the phishing attempt pretending to be a communication from SumUp, the London-based digital payments company.
The message requests the recipient to update his/her account data following a security update. It then informs him/her that if he/she does not update, he/she may permanently lose access to the account until the data is updated. The following button is indicated to proceed:
Update Data
The well-known company is clearly unrelated to the mass sending of these emails, which are real scams whose goal remains, as always, to steal the sensitive data of the unsuspecting recipient.
If we analyze the message carefully, it contains some suspicious clues. First of all, the email address <emaa[at]idealprestiti[dot]it> cannot be traced back to the official domain of SumUp. This fact is definitely unusual and should raise our suspicions. Another strange thing is that to perform the update, the user is asked to enter his/her account credentials through a link sent via email.
Anyone who unluckily clicks on the Update Data link will be directed to a web page which, as we can see from the picture on the side, is graphically well done and simulates quite well the official website of SumUp.
We can see, however, that the landing page in this case is hosted on the url address: https[:]//[FakeDomainName*]sumup1/ which is unrelated to the official site of the company.
We always urge you to pay attention to even the smallest details and not to enter your personal data and/or passwords on forms hosted on counterfeit web pages, as they will be sent to a remote server and used by cyber criminals.
12 June 2025 ==> Phishing Aruba - Unsent messages
SUBJECT: <Important notice: you have (2) unsent messages>
Phishing attempts pretending to be communications from the Aruba brand continue.
The message informs the recipient that as of June 12th, two new messages have arrived but were not delivered to the mailbox hosted on Aruba. The reason for the delivery failure seems to be a new incoming mail management policy adopted by Aruba. It therefore invites the user to retrieve the suspended message through the following link:
Click here to retrieve the message
Let's always beware of requests to enter personal credentials via suspicious links provided by e-mail.
Clearly, the well-known web hosting, e-mail and domain registration services company Aruba is uninvolved in the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal the unsuspecting recipient's sensitive data.
When we analyse the message we see that it comes from an email address <info(at)assovini(dot)it> not traceable to the official domain of Aruba. This is definitely anomalous and should, at the very least, make us suspicious.
Anyone who unluckily clicks on the link, will be directed to an anomalous web page which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for illegal purposes.
11 June 2025 ==> Phishing EuroPages
SUBJECT: <Heinrich Bauer sent you a request concerning your product on europages>
This month, we find the following phishing attempt consisting of a false communication from EuroPages and aimed at stealing the victim's account credentials.
The message alerts the user of a message received concerning his/her product on EuroPages, from a certain “Heinrich Bauer”. It then invites the user to log in to his/her account to view the message, via the following link:
LOGIN TO MY ACCOUNT
When we analyse the message, we see that it comes from an email address <info(at)termoidraulicamartone(dot)com> not traceable to the official domain of EuroPages. This is definitely abnormal and should, at least, raise our suspicions.
Anyone who unluckily clicks on the LOGIN TO MY ACCOUNT link will be directed to an anomalous web page which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for illegal purposes.
04 June 2025 ==> Phishing GoDaddy
SUBJECT: <GoDaddy Billing Issue – Please Update Your Payment Method>
We analyse below the phishing attempt pretending to be a communication from GoDaddy, a US company that provides hosting and Internet domain registration.
The message, in English, informs the recipient that it was not possible to complete the renewal of GoDaddy services due to the current payment method provided. To avoid service suspension, it seems necessary to promptly update the payment information.
It then invites the user to update his/her payment method through the following link:
Update Payment
Clearly, the well-known web hosting, e-mail and domain registration service company GoDaddy is uninvolved in the mass sending of these e-mails, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
When we analyse the message, we immediately see that the sender's e-mail address <support[at]alizadetajhiz[dot]com> is not from the official domain of GoDaddy.
Anyone who unluckily clicks on the Update Payment link will be directed to the displayed page.
As we can see, the landing page is well-designed and reasonably mimics the official GoDaddy website.
We can see that the landing page in this case is hosted on the url address: https[:]//[FakeDomainName*]godaddyes/assets/ which is unrelated to the company's official website.
We therefore urge you not to rush and always pay attention to every detail, even trivial ones.
If you proceed to enter the requested data, specifically credit card details, it will be delivered to the cyber-criminal creators of the scam who will use it for malicious purposes.
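The two checks applied to the SumUp and GoDaddy messages above (sender domain and landing-page host compared with the brand's official domain) can be scripted for triage. The Python below is an added example, not part of the original report or of TG Soft's tooling; the OFFICIAL_DOMAINS allow-list, the function names and the fake-domain.example URL standing in for the redacted host are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumption: official domains supplied by the analyst (not listed in the report).
OFFICIAL_DOMAINS = {
    "Aruba": {"aruba.it"},
    "GoDaddy": {"godaddy.com"},
    "SumUp": {"sumup.com"},
}

# Common "defanging" notations, including the [at]/(at) and [dot]/(dot)
# forms used for the sender addresses quoted in this report.
_REFANG = [
    (re.compile(r"\s*[\[(]\s*at\s*[\])]\s*", re.I), "@"),
    (re.compile(r"\s*[\[(]\s*dot\s*[\])]\s*", re.I), "."),
    (re.compile(r"\[:\]"), ":"),
    (re.compile(r"\[\.\]"), "."),
    (re.compile(r"^hxxp", re.I), "http"),
]


def refang(text):
    """Turn a defanged address or URL back into its machine-readable form."""
    text = text.strip().strip("<>")
    for pattern, replacement in _REFANG:
        text = pattern.sub(replacement, text)
    return text


def domain_of(address):
    """Return the lowercase domain of an e-mail address, or None if unparseable."""
    addr = refang(address)
    if addr.count("@") != 1:
        return None
    domain = addr.split("@")[1].lower().strip(".")
    # Sloppy defanging such as "copely[dot].com" leaves a doubled dot.
    domain = re.sub(r"\.{2,}", ".", domain)
    return domain if "." in domain else None


def is_official(host, brand):
    """True only for the official domain itself or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d)
               for d in OFFICIAL_DOMAINS[brand])


def triage(brand, sender, url=None):
    """Return the list of red flags for a message claiming to be from brand."""
    findings = []
    domain = domain_of(sender)
    if domain is None:
        findings.append("sender address could not be parsed")
    elif not is_official(domain, brand):
        findings.append(f"sender domain {domain} is not under an official {brand} domain")
    if url:
        parts = urlsplit(refang(url))
        host = parts.hostname or ""
        if not is_official(host, brand):
            findings.append(f"landing host {host} is not under an official {brand} domain")
            # Brand name used as decoration in the host or path (e.g. ".../sumup1/").
            if brand.lower() in (host + parts.path).lower():
                findings.append(f"brand name '{brand.lower()}' appears in a non-official URL")
    return findings


if __name__ == "__main__":
    # Sender addresses are quoted from the report; URLs and the last two
    # senders are constructed sample values.
    samples = [
        ("SumUp", "emaa[at]idealprestiti[dot]it", "https[:]//fake-domain.example/sumup1/"),
        ("GoDaddy", "support[at]alizadetajhiz[dot]com", "https[:]//fake-domain.example/godaddyes/assets/"),
        ("Aruba", "info(at)assovini(dot)it", None),
        ("Aruba", "noreply@staff.aruba.it", None),      # constructed: subdomain of the official domain
        ("Aruba", "billing@aruba.it.example", None),    # constructed: official name used as a prefix
    ]
    for brand, sender, url in samples:
        flags = triage(brand, sender, url)
        print(brand, refang(sender), "->", flags or "no domain mismatch")
```

A matching sender domain does not prove a message is genuine, because the From header can be forged; treat a match as one signal alongside the SPF, DKIM and DMARC results.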
04 June 2025 ==> Phishing Aruba - Expired domain
SUBJECT: <Domain ***** Expired - Last Renewal Opportunity>
Phishing attempts pretending to be communications from the Aruba brand continue.
The message informs the recipient that his/her domain hosted on Aruba has expired today. It then informs him/her that, in order to avoid service interruptions, he/she can proceed as of now to renew the domain, at a cost of €5.99, through the following link:
Login to Customer Area
Let us always beware of requests to enter personal credentials via suspicious links communicated by e-mail.
Clearly, the well-known web hosting, e-mail and domain registration services company Aruba is uninvolved in the mass sending of these e-mails, which are real scams whose objective remains, as always, to steal sensitive data of the unsuspecting recipient.
In order to induce the victim to act promptly, the cyber-criminal allows little time to act.
This technique is definitely intended to intimidate the user, who, out of fear of his/her account and services being blocked, is pushed to act without proper caution.
Anyone who unluckily clicks on the link will be directed to an anomalous web page which has already been reported as DECEPTIVE WEBSITE/PAGE. In fact it is run by cyber-criminals whose goal is to get hold of your most valuable data in order to use it for malicious purposes.
04 June 2025 ==> Phishing customer survey: LeroyMerlin / Decathlon
Customer survey-themed phishing campaigns, exploiting well-known brands, continue. The two cases below involve large-scale retail companies.
In the first reported example, the cybercriminal used the well-known brand name of Decathlon to launch a promotional message that would allow the recipient to win an exclusive prize <Quechua Hiking Equipment Package>. To claim the prize, recipients just have to answer a few short questions.

The second example, seemingly from Leroy Merlin, refers to a generic prize that can be obtained by participating in the loyalty programme.
The brands exploited in these campaigns are clearly unrelated to the mass sending of these malicious e-mails, which are outright scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
In the two examples above we see that the emails clearly come from addresses <it9861523wedw[at]appartamentobelvedere[dot]it> and <it9846513wesdsw[at]manzomed[dot]com> unrelated to the official domain of Decathlon or Leroy Merlin. This is definitely anomalous and should certainly make us suspicious.
When we click on the links in the e-mail, we are directed to a landing page that may look graphically deceptive (with misleading images and the brand's authentic logo), but is hosted on an abnormal address/domain that is not trustworthy or traceable to the exploited brand.
The cybercriminals behind the scam, in order to achieve their goal, use various tricks, such as reporting false testimonials from customers who have won the prize. They try to persuade the user to complete the survey quickly, by making him/her believe that only a few can win, and that the offer expires today.
Surely, if so many users were lucky, why not try our luck?
When the survey is completed, the user is usually sent to a page for the entry of the shipping address and subsequent payment of shipping costs.
The cybercriminals' purpose is to induce the victim to enter his/her personal information to ship the prize and then, likely, also the credit card information to pay the shipping costs.
To conclude, we always urge you to be wary of advertising/promotional messages that boast of "giving away" valuables, and to avoid clicking on suspicious links that may lead to a counterfeit site. In fact, if you trust these messages, your most valuable data is stolen by cyber crooks who can use it at will.
03 June 2025 ==> Phishing TELEPASS
SUBJECT: <Expiring offer! The Emergency Kit is yours, act now!>
Below we analyze the attempted scam hidden behind false communications by the well-known Italian company TELEPASS working in the urban and suburban mobility services industry.
It is a graphically and textually well-crafted message that aims to make the user believe that he or she is facing a real unmissable opportunity. The lucky user has been selected as the winner of a fantastic prize, or at least that's what it looks like: a new "Latest generation emergency kit for cars" which can be claimed by participating in a short survey on service user experience.
Certainly this phishing is a real decoy for many inexperienced users.
Clearly the well-known company TELEPASS is uninvolved in the mass mailing of these malicious campaigns, which are real scams whose goal remains, as always, to steal sensitive data of the unsuspecting recipient.
So keep an eye out. All it takes to avoid unpleasant incidents is a little attention and a quick glance.
We immediately see that the message comes from an email address <commerciale[at]nuovafloricoltura[dot]it> clearly not traceable to the official domain of TELEPASS. This is definitely anomalous and should, at the very least, make us suspicious. However, if we go ahead and click on the link in the emails, here is what happens:
We are sent to a landing page that is absolutely unrelated to TELEPASS and, unlike what was expected, we are not asked to answer any surveys.
The page is hosted on an abnormal address/domain: https[:]//[FakeDomainName*].... that has no connection with TELEPASS. We are in fact redirected to a site that graphically simulates the German news portal T-online, a really anomalous thing.
We therefore urge you not to rush and to remember that, in the case of these attempted computer frauds, you need to pay attention to every detail, even trivial ones.
02 June 2025 ==> SCAM State Police
SUBJECT: <Convocation. N°000158 IT./🔴>
The following is an attempt at SCAM, which serves a summons on the victim.
The message, which arrived via a very suspicious email <henrique[dot]salazar[at]aluno[dot]colegiorecriarte[dot]com[dot]br>, contains a .jpg attachment called <CONVOCATION1>. The text is also very concise: only another e-mail address <direzione[dot]generale[at]tutamail[dot]com> is given for more information.
When we open the attachment, which we see below, we see that it is set up in a graphically deceptive manner. This is a false citation for child pornography that supposedly came from Ms ‘Nunzia Ciardi’, Director of the Department of Postal and Communications Police. It refers to a case of child pornography, paedophilia, exhibitionism and cybernetic pornography and concerns the victim because, according to the FALSE complaint, he visited a child pornography site.

This is an attempted scam by cyber criminals, with the aim of extorting a sum of money, in this case in the form of a fine. In fact, the message reads as follows:
"Please email us your justifications so that they may be examined and verified in order to assess sanctions; this within a strict deadline of 72 hours.."
If the victim does not respond within 72 hours, the complaint will be sent to the Milan Public Prosecutor's Office, which will draw up an arrest warrant for subsequent arrest.
We can easily understand that this is a false complaint because first of all it is not personal.
This is clearly an attempt at fraud with the aim to steal sensitive user data and extort money.
A little bit of attention and a quick glance can save a lot of hassles and headaches...
We urge you NOT to be fooled by these types of e-mails. Even though they use familiar and not particularly sophisticated approach techniques, if there is a resurgence it is reasonably likely that more than a few unfortunate recipients will be fooled.
Acknowledgements
TG Soft's Anti-Malware Research Center would like to thank all users, customers, reseller technicians, and all people who have transmitted/reported material attributable to Phishing activities to our Research Center, that allowed us to make this information as complete as possible.
How to submit suspicious emails for analysis as possible phishing but also virus/malware or Crypto-Malware
You can submit materials to TG Soft's Anti-Malware Research Center safely and free of charge in two ways:
- any suspect email can be sent directly from the recipient's e-mail to the address lite@virit.com, choosing "Forward as Attachment" as the sending mode and inserting in the subject section "Possible phishing page to verify" rather than "Possible Malware to verify";
- save the e-mail to be sent to TG Soft's C.R.A.M. for analysis as an external file to the e-mail program used. The resulting file must be sent by uploading it from the page Send Suspicious Files (http://www.tgsoft.it/italy/file_sospetti.asp). Obviously, if you want feedback on the analysis of the data submitted, you have to indicate an e-mail address and a brief description of the reason for the submission (for example: possible / probable phishing; possible / probable malware or other).

For more details on how to safely forward suspicious e-mails, we invite you to consult the following public page:
How to send suspicious emails for analysis
We provide all this information to help you prevent credential theft, viruses/malware or, even worse, next-generation Ransomware / Crypto-Malware.
TG Soft's C.R.A.M. (Anti-Malware Research Center)