Bitdefender security researcher come across a phishing scam mail that purportedly coming from Italian post operator Poste Italiane. The post office clients has been targeted with this spam mail and asking them to confirm their login data for maintenance reasons.
In order to trick users into believing that mail comes from the legitimate place, attacker added the legitimate menus and banners in their mail.
The fake mail ask recipients to confirm their identification data and provides the user with a link that sends them to a login page that asks for personal information such as user name, password, card ID or security card number.
Once the user submit the information, everything is stored in a plain text file on the same compromised server that hosts the phishing form. If the data is stored in text file, the information is not only not only available to attackers, but also to anyone who knows how to use a search engine to find valid CC info.
"As a rule always avoid giving out credit card information, especially when you need to disclose your PIN or CVV info. Banks and other institutions working with money never ask clients to change IDs or passwords via e-mail. When in doubt, pick up your phone and call or pay them a visit to make sure. Also, install anti-virus software and keep it up to date." Researcher give security Tips.
In order to trick users into believing that mail comes from the legitimate place, attacker added the legitimate menus and banners in their mail.
The fake mail ask recipients to confirm their identification data and provides the user with a link that sends them to a login page that asks for personal information such as user name, password, card ID or security card number.
Once the user submit the information, everything is stored in a plain text file on the same compromised server that hosts the phishing form. If the data is stored in text file, the information is not only not only available to attackers, but also to anyone who knows how to use a search engine to find valid CC info.
"As a rule always avoid giving out credit card information, especially when you need to disclose your PIN or CVV info. Banks and other institutions working with money never ask clients to change IDs or passwords via e-mail. When in doubt, pick up your phone and call or pay them a visit to make sure. Also, install anti-virus software and keep it up to date." Researcher give security Tips.