What’s happened?

Thanks to your important announcements, we can talk about an attempt at phishing that anonymous fraudsters are trying to accomplish these days. There are circulating emails (apparently sent by Poste Italiane) calling on recipients to fill out a “form” to receive a cash bonus on their PostePay card.

The text contained in the email is more or less like this:

“Poste Italiane encourages you with a minimum Euro 87.00 bonus
Bonus: 87,00
Charging commissions: 1,00
Amount to be received: 86,00

Access the attached form to check the bonus.

To receive the bonus you must have a balance equal to or higher than Euro 87 available on your Postepay Card.
The bonus will be credited within 24/48 hours, just wait for the confirmation email after filling in the form.

With best regards,
Alessandro B., Poste Italiane S.p.A. [...]“

Why is important to know it?

The message is a fake product for fraudulently exploiting the credentials we use to access the online account (username and password) and other confidential information, which are then used directly to trap our money or are resold to specialized criminal organizations.

Our CERT verifications confirm that this is a case of phishing – an illicit activity done by adopting different tricks (eg by reproducing brand names or logos of websites we usually use).

These are very serious offenses punishable by our Criminal Code (erroneous induction of a person who has been hurt by artifices or scams – ex art 640 cp, “Scam”, sending unsolicited / unsolicited communications – “spamming” in violation of D. Legislative Decree 196/03 – “Personal Data Protection Code” or “Privacy Code”).

In Poste Italiane we have been organizing for some time for the prevention and contraction of these illicit activities that enable us to deactivate sites that are predisposed to fraudsters at the same time and to block suspicious transactions on accounts if the credentials are removed of a customer’s access.

How to behave?

In order to avoid any risk, we suggest that anyone who receives this kind of message can make simple arrangements, such as:

  • Do not connect to the site indicated in the text of the e-mail message;
  • Do not compile and / or download enclosed documents in the e-mail message;
  • If you are connected by mistake, do not provide any kind of credentials and / or personal data, do not authenticate;
  • Report further suspected emails to the CERT@posteitaliane.it mailbox;
  • Wait for similar requests, which are not reliable.