A phishing scam that has been targeting Italians in the past period tries to dupe Internet users into handing over private information, including credit card details that can later be used to perform fraudulent transactions.
Bitdefender experts found that the scam starts with an email that urges recipients to verify their identity for maintenance reasons. To make everything more legitimate-looking, the message is designed to incorporate logos and menus regularly used by Poste Italiane when sending notifications to customers.
To confirm their identification data, users are requested to click on a link that leads to an online form where they must provide their names, passwords, card IDs and CVVs (Card Verification Value).
Once the information is submitted, everything is stored in a plain text file on the same server where the malicious form is hosted.
The problem is that if the data is stored in this manner it may become accessible to anyone who knows how to look for credit card data with a search engine. Normally, the stolen data is stored in a database or it’s sent to an email address, where only the crooks can access it.
In this case the phishers are sharing their loot with almost anyone.
Users who made the mistake of completing the form are advised to contact both the Italian Post Office and their financial institutions to set up the appropriate services that prevent the misuse of payment credentials.
Since antivirus vendors usually do a decent job in flagging these malicious sites, it’s always recommended to ensure that an updated security software is running in the background, checking all the tasks performed online.
Finally, internauts should never provide sensitive information, especially credit card details, in response to an unsolicited notification. Legitimate institutions are aware of fraud attempts and that’s why they will never make such requests.