Poste Italiane Home Banking security? Ridiculous.


Yes, I can't resist: I want to study every single scam attempt I detect.
This one was quite easy, a phishing email, nothing special: it was already in the junk mail.
This email contains a link to a fake home page for postepay.it (http://m779.iuser.my/poste/), normal for a phishing email.
What was unexpectedly interesting was seeing the HTML of this fake page: it contains references to resources that are actually hosted on the real server of Poste Italiane!

This means that Poste Italiane does not monitor unreferenced access (requests whose Referer is not one of its own pages) to secondary or static web content like CSS and images.

Oh, yesss, I almost forgot to say that this is why bancopostaonline.poste.it is well known even to non-Italian hackers, crooks and others like them. Oh, what a reputation!

I would like to tell them to implement a simple check on the Referer in order to protect their poor customers (including me) from these stupid scams; an .htaccess rule should be sufficient for their wizard (unavoidable smile seeing .asp on their real site).
So if you too are a customer of Poste Italiane, consider inviting them to increase security on their website and stop being an oblivious partner of these low-level scams.

If you are from Poste Italiane and you want to hire me, drop me an email. I will be happy to explain how to check whether static or pseudo-static resources are correctly referenced from the page that opened them. There are several ways, some very effective, but I'm pretty sure you know them already.
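One way the bank's own operations team could spot this, as an added example that is neither the author's code nor anything from Poste Italiane: a small Python script that scans Apache combined-format access log lines for static resources served with an off-site Referer, which is exactly the signal the post says is not being monitored. The log lines, IP addresses and the list of "own" hosts are constructed for the example; only the phishing URL comes from the post.

```python
import re
from urllib.parse import urlparse

# Apache "combined" log format:
# host ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

STATIC_EXT = ('.css', '.js', '.png', '.gif', '.jpg', '.ico')

def referer_host(referer):
    """Return the hostname of the Referer header, or None if absent ("-")."""
    if referer in ('', '-'):
        return None
    return urlparse(referer).hostname

def hotlinked_static_requests(lines, own_hosts):
    """Return (referer_host, path, ip) for static-resource requests whose Referer points off-site.
    Requests with no Referer are skipped: browsers and privacy settings often strip it,
    so an empty value is not evidence of hotlinking."""
    own = {h.lower() for h in own_hosts}
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; ignore
        path = m.group('path').split('?', 1)[0]
        if not path.lower().endswith(STATIC_EXT):
            continue  # only static assets are interesting here
        host = referer_host(m.group('referer'))
        if host is None or host.lower() in own:
            continue
        hits.append((host, path, m.group('ip')))
    return hits

# Constructed sample log lines (not real traffic); the referer host is the one named in the post.
SAMPLE_LOG = [
    '203.0.113.10 - - [01/Feb/2013:10:00:01 +0100] "GET /css/style.css HTTP/1.1" 200 5120 "https://bancopostaonline.poste.it/login" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Feb/2013:10:00:02 +0100] "GET /css/style.css HTTP/1.1" 200 5120 "http://m779.iuser.my/poste/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Feb/2013:10:00:02 +0100] "GET /img/logo.png HTTP/1.1" 200 8000 "http://m779.iuser.my/poste/" "Mozilla/5.0"',
    '203.0.113.22 - - [01/Feb/2013:10:00:03 +0100] "GET /img/logo.png HTTP/1.1" 200 8000 "-" "Mozilla/5.0"',
    '203.0.113.23 - - [01/Feb/2013:10:00:04 +0100] "GET /login.asp HTTP/1.1" 200 900 "http://m779.iuser.my/poste/" "Mozilla/5.0"',
]

def suspicious_referer_hosts(lines=SAMPLE_LOG, own_hosts=("bancopostaonline.poste.it", "www.poste.it")):
    """Group hotlinking hits by off-site referer host -> sorted list of asset paths requested."""
    by_host = {}
    for host, path, _ip in hotlinked_static_requests(lines, own_hosts):
        by_host.setdefault(host, set()).add(path)
    return {h: sorted(p) for h, p in by_host.items()}

if __name__ == "__main__":
    for host, paths in suspicious_referer_hosts().items():
        print(f"{host}: {', '.join(paths)}")
```

Because a Referer can be absent or freely set by the requesting page, this is a detection aid for finding phishing kits that reuse the real assets, not a substitute for the blocking rule the post proposes.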
Ciao!!

 

UPDATE: 2013 02 02

😀 Since today, if you try to open the mentioned website this is what you get:

[Screenshot of http://m779.iuser.my/poste/ as it appears now] You're welcome, Google.


Author: Giuseppe Urso

Giuseppe lives in Haarlem now with his shiny dog, Filippa. In 1982 he received his first home computer, a Commodore 64, followed by a Datasette and a 1541 Floppy Disk Drive. In 1999 he installed his first Linux distro (LRH6). In 2006 he switched to Debian as his favourite OS. Giuseppe Urso actively supports the Free Software Foundation and its founder Richard Matthew Stallman; he talks to people trying to convince them to join the fight now, and about how important it is to use Free Software only. He has a job as Infra Specialist at Hippo Enterprise Java CMS, an open source enterprise-class Content Management System and one of the coolest companies ever, in Amsterdam. He's always ready to install Debian on other people's computers for free.
