What’s happened?

In these hours we are seeing a large number of deceptive emails that invite recipients to initiate an “upgrade procedure” and provide confidential information by filling in a form provided as an attachment. This is actually a well-designed attempt to scam! Messages appear to have been sent by Poste Italiane and have more or less content of this type:

“Dear Customer, Poste Italiane has always considered the security of digital services as a key strategic component of its business. This approach has led him to acquire undoubted leadership in Cyber Security. That’s why it is necessary to start the upgrade process to adapt the database. You may not use the Poste Italiane service or your credit card until you have updated your personal information. The upgrade form is attached to this mail, the form must be downloaded and filled out correctly. Cert 2014 Postale Italian | All Rights Reserved “


What information is required?

The form shown in the image below is a fake and is designed to fraudulently obtain the credentials we use to access the online account (username and password), our credit card number (PAN), its credit card number expiration date and security code (CVV2): it is enough for the scammer to make purchases using our money.

Phishing example: False information request form

Phishing example: False information request form

Why is important to know it?

The checks carried out by our CERT confirm that this is a fraudulent activity by adopting different tricks (eg by reproducing brand names or logos of websites we usually use).

These are very serious offenses punishable by our Criminal Code (erroneous induction of a person who has been hurt by artifices or scams – ex art 640 cp, “Truffa”, sending unsolicited / unsolicited communications – “spamming” in violation of D. Legislative Decree 196/03 – “Personal Data Protection Code” or “Privacy Code”).

In Poste Italiane we have been organizing for some time for the prevention and contraction of these illicit activities that enable us to deactivate sites that are predisposed to fraudsters at the same time and to block suspicious transactions on accounts if the credentials are removed of a customer’s access.

How to behave?

In order to avoid any risk, we suggest that anyone who receives this type of message can take simple steps, such as:

  • Do not connect to the site indicated in the text of the e-mail message;
  • Do not compile and / or download enclosed documents in the e-mail message;
  • If you are connected by mistake, do not provide any kind of credentials and / or personal data, do not authenticate;
  • Report further suspected emails to the CERT@posteitaliane.it mailbox;
  • Wait for similar requests, which are not reliable.