Italy’s Post Office Customers Victimized with Fake Mails
A phishing scam that has been targeting Italians in the history tries to trick internet users into handling over personal information, warns bit defender online at softpedia on March 20, 2012.
The scam e-mail opens up in a jovial mood, urging the customers of post office to verify the login credentials as a routine check-up for maintenance purposes. The e-mails scoops up various parts of the genuine template, such as menus and banners, thus giving the look of a genuine mail that could be employed towards tricking customers.
To verify one's identification-related data, users are requested to click on a link that leads them to an online form, to fill in their names, passwords, credit card IDs, and CVVs. Once the information is given, the data is stored in a plain text file on the same server, where malicious form is hosted.
However, the most interesting part of this venture attack is that the retrieved data is neither sent through e-mail to an attacker nor recovered in a database. As an alternative, it is gathered in a plain text format on the compromised server hosting the phishing form. As a result, the nature of the attack is much worst, as the information is accessible to attackers and any stranger with the knowhow of how to use a search engine for finding out valid CC information.
Users who made the mistake of completing the form are recommended to contact both the Italian post office and their financial institution to set up the apt services that prevent the misuse of payment credentials. Finally, internauts should never provide sensitive information, especially credit card details, in response to an unwanted notification. Legitimate institutions are familiar with fraud attempt and that's why they will never make such request.
However, security experts recommends users to update their system with automatic scan and also made them familiar with the proposition that banks never asks for any confidential data online.
Nevertheless, at the moment these types of e-mail scam is rampant in the US as apparent from this example. In January 2012, the United States Postal Service (USPS) had been majorly hit by a new type of online scam, wherein an anonymous sender had been trying to befool users into clicking on a fake url guiding them towards downloading a malicious file altogether.
Related article: Italy - Sixth Largest Country to Host Maximum Malware
» SPAMfighter News - 28-03-2012