Italian Phishing scam

Filed Under: SophosLabs, Spam

Phishing attacks are no longer a new topic in the cyber world. Recently, one of the major Australian banks was the target of a phishing attack. There seem to be no geographical boundaries to these phishing scams: the scammers are already hard at work on their next victims, only this time they have an appetite for Italians.

The latest phishing attack targets customers of the Italian banking group Intesa SanPaolo. We really should appreciate the scammers' effort in their target selection (NOT), but to our extreme disappointment, they are still using the vanilla-flavour "account suspension" technique to fool their victims. Originality is obviously not their forte.

Below is a picture of the latest (still being spammed out at the time of writing this blog article) Intesa SanPaolo phishing email.

It is the typical phishing email: the scammers lend authenticity to their scam by placing the Intesa SanPaolo logo at the top, followed by a standard message saying that the user's account has been suspended and that the user must follow the specified link to re-activate it.

The Italian message in the email roughly translates (according to Google translation) to:

"The password of your Flash card has been inserted more than three times, to protect its paper, we switched the suspension.

To retrieve the switched, Please enter and complete the activation page."

This message is supposed to add a sense of urgency, in the tiniest of tiny hopes that the user will be foolhardy enough to click on the specified link. Naturally, the link redirects the user to some other site (already blocked by our Sophos appliance) with a fake login page, in a somewhat clumsy and vain attempt to harvest the user's account details.
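The three traits described above (bank branding, a suspension lure, and a link that leads to some other site) can be checked mechanically on a mail body. The following is an added example, not code from the original post or from Sophos; the brand domain, keyword lists and both sample bodies are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumptions for this example (not from the original post):
BRAND_DOMAINS = {"intesasanpaolo.com"}            # assumed legitimate domain
BRAND_WORDS = ("intesa sanpaolo", "intesasanpaolo")
LURE_WORDS = ("sospes", "riattiv", "attivazione", "suspend")

# Constructed sample bodies; example.net is a reserved documentation domain.
PHISH_SAMPLE = """<p>Gentile cliente Intesa SanPaolo,</p>
<p>la sua carta e' stata sospesa. Per riattivarla completi la
<a href="http://intesasanpaolo.com.example.net/attiva">pagina di attivazione</a>.</p>"""
LEGIT_SAMPLE = """<p>Intesa SanPaolo: il suo estratto conto e' disponibile su
<a href="https://www.intesasanpaolo.com/">intesasanpaolo.com</a>.</p>"""

class LinkCollector(HTMLParser):
    """Collects href targets and visible text from an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self.text = [], []
    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href")
        if tag == "a" and href:
            self.links.append(href.strip())
    def handle_data(self, data):
        self.text.append(data)

def on_brand_domain(host):
    """True only for the brand domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BRAND_DOMAINS)

def score_email(html_body):
    """Return (findings, off_brand_links) for one HTML body."""
    parser = LinkCollector()
    parser.feed(html_body)
    text = " ".join(parser.text).lower()
    # hostname is taken after any userinfo, so brand@other-host is judged by the host
    off = [u for u in parser.links
           if urlsplit(u).scheme in ("http", "https")
           and not on_brand_domain(urlsplit(u).hostname)]
    findings = []
    if any(w in text for w in BRAND_WORDS):
        findings.append("brand-mentioned")
    if any(w in text for w in LURE_WORDS):
        findings.append("suspension-lure")
    if "brand-mentioned" in findings and off:
        findings.append("off-brand-link")
    return findings, off
```

The suffix match on a dot boundary is what keeps a lookalike host that merely starts with the brand name from passing as the bank's own domain.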
