What’s happened?

We want to point to a phishing attempt that anonymous fraudsters are trying to accomplish these days. Thanks to our monitoring activities and above all to your reporting, we have identified a large number of emails (apparently sent by Poste Italiane) that invite recipients to reactivate an imaginary “Postepay Web Security System”.

The text contained in the email is more or less like this:

“OBJECT: OTP Security for [name and surname of the mail recipient]
Dear [name, last name]
as of 17/09/2014 it is mandatory to reactivate the Postepay Web Security system to perform Postepay recharging, telephone recharging and payment bills on Poste Italiane sites [...]“

Notice spelling errors and repetitions in the text, symptoms that should immediately make us suspect.

Why is important to know it?

The message is a fake, emails all contain a link through which fraudsters redirect their victims to a phishing site designed to fraudulently drive access credentials. Credentials are later used directly to trap our money or resold to specialized criminals.

Verifications by our CERT confirm that this is a very extensive phishing case: an illegal activity carried out by adopting various stratagems (eg by playing trademarks or logos of websites we regularly use).

These are very serious offenses punishable by our Criminal Code (erroneous induction of a person who has been hurt by artifices or scams – ex art 640 cp, “Scam”, sending unsolicited / unsolicited communications – “spamming” in violation of D. Legislative Decree 196/03 – “Personal Data Protection Code” or “Privacy Code”).

In Poste Italiane we have been organizing for some time for the prevention and contraction of these illicit activities that enable us to deactivate sites that are predisposed to fraudsters at the same time and to block suspicious transactions on accounts if the credentials are removed of a customer’s access.

How to behave?

In order to avoid any risk, we suggest that anyone who receives this type of message can take simple steps, such as:

  • Do not connect to the site indicated in the text of the e-mail message;
  • Do not compile and / or download enclosed documents in the e-mail message;
  • If you are connected by mistake, do not provide any kind of credentials and / or personal data, do not authenticate;
  • Report further suspected emails to the CERT@posteitaliane.it mailbox;
  • Wait for similar requests, which are not reliable.