Italian Phishing scam

Phishing attacks are no longer a new topic in the cyber world. Recently, one of the major Australian banks have been the target of a phishing attack. It seems like there are no geographical boundaries to these phishing scams, they are already hard at work at attacking their next victim, only this time they are having an appetite for Italians.

The latest phishing attack target customers from the Italian banking group – Intesa SanPaolo. We really should appreciate the scammers’ effort in their targets selections (NOT), but to our extreme disappointment, they are still using the vanilla flavour “account suspension” technique to fool their victims. Originality is obviously not their forte.

Below is a picture of the latest (still being spammed out at the time of writing this blog article) Intesa SanPaolo phishing email.

It is the typical phish email where the scammers add authenticity to their scam by adding the Intesa SanPaolo logo at the top and then followed by a standard message about the user’s account being suspended and requires the user to follow the specified link to re-activate their account.

The Italian message in the email roughly translates (according to Google translation) to:

“The password of your Flash card has been inserted more than three times, to protect its paper, we switched the suspension.

To retrieve the switched, Please enter and complete the activation page.”

This message is suppose to add a sense of urgency in the tiniest of tiny hope that the user will be foolhardy enough to click on the specified link. Naturally, the link redirects the user to some other site (already blocked by Sophos by our appliance) with a fake login page in a somewhat clumsy and vain attempt to harvest the user’s account details.