What’s happened?

Our operators have found that an extensive phishing campaign is in progress. We want to point out why those who “bait the hook” this time run some more risk than usual.

The text contained in the email is more or less like this:

“OBJECT: [name and surname of the recipient of the mail] parcels not delivered
Dear [name, last name]
Your package with shipping code 57979776 arrived on November 25, 2014. Courier did not express a parcel for you. Print the shipping label and show it to the nearest post office to get the package [...]“

Notice the many spelling and translation errors in the text, symptoms that should immediately make us suspect.

Why is important to know it?

The mail invites you to click on a malicious link that lets us navigate on a “clone” site of SDA (Poste Italiane Group).

This is a very similar site to the original one, but it poses a serious threat to your computer: it could infect your PC and thus make all the data stored in it inaccessible and even require payment of a redemption in cash…

Image taken from the site

Image taken from the site “clone”

How to behave?

1) If you have been mistakenly navigated to the “clone” site page, no fear: close the browser window to avoid any problems.

2) Do not click on the “Download” button for any reason because this action activates the download of a dangerous virus on your computer (more precisely it is a Trojan)

3) For no reason, enter the credentials for access to the boxes displayed on the video (“Customer Area” box).