Yes, I can't resist: I want to study every single scam attempt I detect.
This one was quite easy, a phishing email, nothing special: it was already in the junk folder.
The email contains a link to a fake home page for postepay.it (http://m779.iuser.my/poste/), as usual for a phishing email.
What was unexpectedly interesting was seeing the HTML of this fake page: it contains references to resources that are actually hosted on the real server of Poste Italiane!
This means that Poste Italiane does not monitor unreferenced access to secondary or static web content like CSS and images.
Oh, yesss, I almost forgot to say that this is why bancopostaonline.poste.it is well known even to non-Italian hackers, crooks and the like. Oh, what a reputation!
I would like to tell them to implement a simple check on the Referer header in order to protect their poor customers (including me) from these stupid scams; an .htaccess rule should be enough for their wizards (unavoidable smile seeing .asp on their real site).
So if you too are a customer of Poste Italiane, consider inviting them to increase security on their website and stop being the unwitting partner of these low-level scams.
If you are from Poste Italiane and you want to hire me, drop me an email. I will be happy to explain how to check that static or pseudo-static resources are being referenced from the page that actually opened them. There are several ways, some very effective, but I'm pretty sure you know them already.
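To make the "monitor unreferenced access" point concrete, here is an added example (mine, not the post's and not anything from Poste Italiane) that scans web server access logs in the common "combined" format and flags requests for static resources (CSS, images, scripts) whose Referer header points at a host outside the site's own domain. The log lines, the hostnames `www.example.com`, `cdn.example.com` and `evil.example.net`, and the paths are all constructed for the demonstration. Requests with no Referer at all are deliberately not flagged, because browsers, privacy extensions and HTTPS-to-HTTP transitions strip the header and a block on an empty Referer breaks legitimate users.

```python
"""Flag static resources served to pages hosted elsewhere (hotlinking).

Added example, not the blog post's own code. Log lines below are constructed;
all hostnames and paths are placeholders.
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Apache/nginx "combined" log format:
# ip ident user [time] "METHOD path PROTO" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"'
)

# Extensions we treat as static / pseudo-static content.
STATIC_EXT = (".css", ".js", ".png", ".gif", ".jpg", ".jpeg", ".svg", ".ico", ".woff")

# Constructed sample log: one legitimate page load, a phishing page hotlinking
# our logo and stylesheet, a non-static request, an empty Referer, and a CDN subdomain.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Feb/2013:10:00:01 +0100] "GET /css/style.css HTTP/1.1" 200 5120 "https://www.example.com/login" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Feb/2013:10:00:02 +0100] "GET /img/logo.png HTTP/1.1" 200 8192 "http://evil.example.net/poste/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Feb/2013:10:00:02 +0100] "GET /css/style.css?v=3 HTTP/1.1" 200 5120 "http://evil.example.net/poste/" "Mozilla/5.0"',
    '198.51.100.7 - - [01/Feb/2013:10:00:03 +0100] "GET /login.html HTTP/1.1" 200 2048 "http://evil.example.net/" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Feb/2013:10:00:04 +0100] "GET /img/logo.png HTTP/1.1" 200 8192 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [01/Feb/2013:10:00:05 +0100] "GET /img/logo.png HTTP/1.1" 200 8192 "https://cdn.example.com/x" "Mozilla/5.0"',
]


def referer_host(referer):
    """Lowercase host of a Referer URL, or None when the header is absent or unparseable."""
    if not referer or referer == "-":
        return None
    host = urlparse(referer).hostname
    return host.lower() if host else None


def is_allowed_host(host, allowed_suffixes):
    """True if host is one of our domains or a subdomain of one (cdn.example.com for example.com)."""
    return any(host == s or host.endswith("." + s) for s in allowed_suffixes)


def find_hotlinks(log_lines, allowed_suffixes):
    """Return (ip, path, referer_host) for static resources fetched with a foreign Referer.

    Lines that do not parse, non-static paths, and empty Referers are skipped:
    an empty Referer is too common among legitimate clients to treat as a signal.
    """
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlparse(m["path"]).path.lower()  # drop ?v=3 style query strings
        if not path.endswith(STATIC_EXT):
            continue
        host = referer_host(m["referer"])
        if host is None or is_allowed_host(host, allowed_suffixes):
            continue
        hits.append((m["ip"], m["path"], host))
    return hits


def summarize(hits):
    """Count flagged requests per foreign referer host: the list a response team wants."""
    return dict(Counter(host for _, _, host in hits))


if __name__ == "__main__":
    found = find_hotlinks(SAMPLE_LOG, ["example.com"])
    for ip, path, host in found:
        print(f"{ip} fetched {path} for a page on {host}")
    print(summarize(found))
```

Run against a real log this gives the list of foreign hosts embedding the site's assets, which is exactly where a phishing kit that reuses the genuine stylesheet and logo shows up. The same comparison can be enforced at the web server (an Apache `mod_rewrite` rule testing `%{HTTP_REFERER}`, the .htaccess approach mentioned above), but the detection form is the safer first step: it costs nothing for legitimate users and gives the takedown team a host list before any blocking decision is made.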
UPDATE: 2013-02-02
😀 Since today, if you try to open the mentioned website this is what you get: