New stunt by hackers to steal access credentials to bank accounts: a phishing email in which they mention the Postal Police.
The cybercrime industry has many sources of income and one is certainly that of phishing email campaigns, i.e. fake messages sent to thousands, if not millions, of users in order to steal access data to online bank accounts. An activity that has been going on for years, because it costs very little and makes a lot to hackers: just a few users who take the bait are enough to make a lot of money.
This activity, however, increasingly needs to appear credible because many users have now learned to recognize the email end of phone companies, PostePay, Enel, Ministries and all the other big names in the economy and Italian institutions illegally exploited by hackers to try to cheat users. So much so that cyber criminals have now even started to exploit the name of their greatest enemy: the Postal Police. It’s the same police force that has launched a specific alert: a phishing campaign is underway to steal credit card and online account data, using the name of the Postal Police to reassure users.
The fake Postal Police email
To be precise, cyber cops explain, the fake email is sent from an address and with graphics that imitate those of one of the many Italian banking institutions. The email talks about a phantom new security system developed in collaboration with the Postal Police.
To activate this (fake) security system on your card or account you would then need to click on the ever-present link included in the fake email, which takes you to the ever-present fake web page that imitates the online bank account login page.
If the user doesn’t notice the fake, then all he is doing is giving away his online account access data to the criminals. Soon, as a result, you will see your account emptied of various transfers and online purchases that you have never made.
Hackers are always up to date
Hackers are smart, very smart: the reference to the new security system for bank accounts is not invented out of thin air, but refers to something that really exists.
From January 1, 2021, in fact, the obligation to protect electronic payments with the so-called SCA: Strong Customer Authentication. That is, the strong two-factor authentication foreseen by the new European directive PSD2.
The SCA, however, is automatically activated by the banks for payments over 500 euros and no bank is sending, nor ever will, emails or SMS to invite its customers to activate it manually.