Just today, June 2, 2009, while we celebrate the Feast of our Republic, I reported yet another case of phishing against the Italian Post, which has already been targeted plenty of times over the years.
So that everyone understands what phishing is, here, in elementary terms, are the typical ways and means by which it occurs.
Phishing arrives by e-mail and impersonates a credit institution or bank where you may have an account, usually one with an online counter such as Bancoposta.
The term phishing originally meant phone + (to) fish, "fishing with bait" by phone: "phone" because at the beginning it was carried out by that means. Today phishing is a technique for obtaining sensitive information through e-mails that amount to a real scam: by a series of deceptions or artifices (fraud, under our Criminal Code) the phisher induces the user to believe that they are dealing with the real bank or online counter and are looking at the institution's real site. The e-mail carries a false link that shows the name of the real bank, but it is enough to move the mouse over it carefully (without clicking) to see, in the status bar at the bottom left, the real address that the link connects to. Very often the phisher disguises the link in hex or as an encoded string so that it can no longer be fully checked and read.
In our (real) example the phisher did not mask the link, so it is enough to hover over it to expose it, or at least to understand which site or sub-page it wants to connect to. Note that the link was hidden in a picture:
It appears to be the real Post Office site over secure http, but it is not.
In our case the underlying link points to prismed (dot) net, a site dealing in medical instruments and devices, which appears to have been modified behind its owners' backs with the addition of a sub-directory (I have omitted the http://www prefix for security):
prismed.net/loaded61a/images/table_background_products_new/WWW.POSTE.IT/index.html
This points on to another site, a Ukrainian one, through a redirect to ucwlc.ca:
ucwlc.ca/nasha_doroha/LOGINPOSTEITALIANEBLOLformsLOGINaspxTYPE3355443314752751724DSE57854867667544464841DsaindexphpMfcISAPICommand/login-home.php?TYPE=LogIn
FALSE SITE:
If we believe that this login is real, we fall into the trap and hand the cybercriminals our sensitive personal data, account and password, and with them the ability to "blow" the money in the account. In fact, of course, this login (box) is not that of the Post Office site but that of the phishers, who by tomorrow will have already spent it all and perhaps closed (or changed) the site.
A striking example is the following:
PHISHING SITE:
REAL SITE:
(virtually identical to the previous one)
In these cases you must pay close attention to secure http (https), to the padlock at the bottom right, and to the domain name in the address bar, which for the real site is poste.it. Here we find:
massairegalos.com/...
instead of: poste.it/...
There are various ways to expose a phishing attempt:
- broken Italian (but beware: lately the phishers have been refining theirs);
- contact the bank, and be wary of requests for unusual information that apparently come from it;
- the false information contained in the e-mail and the "veiled threat" warning that if we do not do as they say we will be severely punished or face penalties under the criminal code (among other things, in the fake e-mail the article cited is wrong too, as is the code cited, on top of technical jargon that is fanciful and dubious);
- move the mouse over the link, without clicking, to check what the real underlying link is (beneath the apparent one, which looks the same as the genuine one);
- check which site we are connecting to by checking the server's IP (with a browser plug-in);
- never click links in e-mails;
- use a web of trust (such as mywot) that alerts us to sites suspected of fraud (browser plug-in).
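The hover check from the list above, automated over the HTML body of an e-mail, as an added example that is not part of the original post. It assumes the claimed sender is poste.it; example.net and the sample markup are constructed placeholders, not the hosts reported above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, unquote

BRAND = "poste.it"  # domain the message claims to come from
# Constructed sample: example.net is a placeholder, not the host from the post.
SAMPLE = """
<a href="http://www.example.net/images/WWW.POSTE.IT/index.html">
  <img src="banner.gif" alt="https://www.poste.it"></a>
<a href="http://www.example.net/%70oste.it/login.php">https://bancoposta.poste.it/</a>
<a href="https://www.poste.it/privacy.html">Privacy</a>
"""

class LinkCollector(HTMLParser):
    """Collect each <a href>, its visible text, and whether it wraps an image."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = {"href": dict(attrs).get("href") or "", "text": "", "image": False}
        elif tag == "img" and self._cur is not None:
            self._cur["image"] = True

    def handle_data(self, data):
        if self._cur is not None:
            self._cur["text"] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(self._cur)
            self._cur = None

def audit(html):
    """Return (real_host, reasons) for every link that does not lead to BRAND."""
    collector, findings = LinkCollector(), []
    collector.feed(html)
    for link in collector.links:
        url = urlsplit(link["href"].strip())
        host = unquote(url.hostname or "").lower()
        if host == BRAND or host.endswith("." + BRAND):
            continue  # genuinely on the brand's domain
        # Percent-decoding undoes the hex disguise before looking for the brand.
        reasons = ["brand in path"] if BRAND in unquote(url.path).lower() else []
        if link["image"]:
            reasons.append("hidden behind image")
        if BRAND in link["text"].lower():
            reasons.append("visible text shows brand")
        findings.append((host, reasons))
    return findings
```

Every entry returned by `audit(SAMPLE)` is a link whose real host is not poste.it, with the disguises found on it.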
If you have already been a victim of phishing:
- contact the Postal Police to report it
- report the site, links and e-mail at www.anti-phishing.it or by e-mail to: segnalazioni@anti-phishing.it
The site in question is in Ukrainian and, unfortunately, I do not think we can do much.
I have duly reported them, hoping that these fools have not had too many victims.