Why Poste Italiane is one of the most Fishing-friendly Websites

poste-italiane-fishing-friendly
poste-italiane-fishing-friendly

Right after just a couple of days since my post about the security of Poste Italiane home banking website, some things have happened, some other which were expected to do, didn’t.

Within the thing which have happened, for instance, Google and Firefox identified the website i’ve wrote about as a fishing websites, warning visitors about the evil content hosted on those pages. What i signaled was the ease with which these identity stealers can make a perfect copy of the home page of the mentioned service. Continue reading “Why Poste Italiane is one of the most Fishing-friendly Websites”

(Visited 1,514 times, 1 visits today)

Poste Italiane Home Banking security? Ridiculous.

fake-poste-italiane-fishing

 

Yes, i can’t resist and i want to study every single scam attempt i detect.
This one was quiet easy, a fishing email, nothing special: it was already in the junk mail.
This email contains a link to a fake home page for postepay.it (http://m779.iuser.my/poste/), normal for a fishing email.
What was unexpectedly interesting was seeing the html of this fake page: it contains references to resources that are actually hosted on the real server of posteitaliane!

Continue reading “Poste Italiane Home Banking security? Ridiculous.”

Incoming search terms:

  • mail rstnc com (62)
(Visited 1,650 times, 1 visits today)

Apache2 access.log problem mapi?query= cmd getCounters jsonPrefix _PHJSONPCallback_1046 &rnd=

fail2ban-in-action-for-wordpress-security-and-performancesThis webpage http://file.oboz.ua/files/vf4f51401192c57_20123223481.mail%5B1%5D is trying to make a fishing attack using this page to serve unprocessed html code in order to make something with user of mail.ru.
if you see a log entry like this:

37.147.118.211 - - [02/Jan/2013:08:53:31 +0000] "GET /mapi?query=%7B%22cmd%22%3A%22getCounters%22%2C%22jsonPrefix%22%3A%22__PHJSONPCallback_47%22%7D&rnd=1357116906112 HTTP/1.1" 403 507 "http://my.mail.ru/friends?" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.12 (KHTML, like Gecko) Maxthon/3.0 Chrome/18.0.966.0 Safari/535.12"

Continue reading “Apache2 access.log problem mapi?query= cmd getCounters jsonPrefix _PHJSONPCallback_1046 &rnd=”

Incoming search terms:

  • odnoklassniki ru/mapi?query={cmd:getcounters jsonprefix:__phjsonpcallback_2} (684)
  • odnoklassniki ru/mapi?query={cmd:getcounters} (258)
  • https://ok ru/mapi?query={\cmd\:\getCounters\} (24)
  • odnoklassniki ru/mapi?query={cmd:getCounters jsonPrefix:__PHJSONPCallback_3} (15)
  • odnoklassniki ru/mapi?query={cmd:getCounters jsonPrefix:__PHJSONPCallback_4} (10)
(Visited 2,301 times, 1 visits today)