8431 Genuine Or Spam???

Are you looking for a translation?

No not really, thanks Gabbi, just don't want t click on a link that may add my ip address to a spam list!!! Maybe just ignore and bin it!!!

So did you want someone else to click the link and get spam on your behalf? Seems a strange thing to ask, but for your information it is a genuine Poste Italiane link to their site and they are asking for certain information. Do you pay any bills online through Poste Italiane?

No not at all Gabbi. I just wondered if someone else had had a similar e-mail. I registered with them as non resident and I didn't pay any bills. You can only pay bills if you have registered resident. Thanks for the reassurance though as to its authenticity.

Was it plain text or HTML? If HTML it's almost always spam. If HTML change it to plain text and see what the source message actually writes.

[quote=turtle;78932]My Italian isn't up to this. I have just reecived this e-mail.

From:
"Poste Italiane" **Add to Address Book

Subject:
La preghiamo di esaminare con la massima serieta e immediatamente questo messaggio di posta elettron

Date:
Tue, 18 Dec 2007 13:06:18 -0600

Oggetto: Comunicazione nr. 91258 del 5 Aprile 2007 - Leggere con attenzione

Gentile Cliente,

nell'ambito di un progetto di verifica dei data anagrafici forniti durante la sottoscrizione dei
servizi di Posteitaliane e stata riscontrata una incongruenza relativa ai dati anagrafici in oggetto
da Lei forniti all momento della sottoscrizione contrattuale.

L'inserimento dei dati alterati puo costituire motivo di interruzione del servizio secondo
gli art. 135 e 137/c da Lei accettati al momento della sottoscrizione, oltre a costituire reato penalmente
perseguibile secondo il C.P.P ar.415 del 2001 relativo alla legge contro il riciclaggio e la transparenza dei
dati forniti in auto certificazione.

Per ovviare al problema e necessaria la verifica e l'aggiornamento dei dati relativi
all'anaagrafica dell'Intestatario dei servizi Postali.
Effetuare l'aggiornamento dei dati cliccando sul seguente collegamento sicuro:

[url]https://bancopostaonline.poste.it/bpol/cartepre/formslogin.asp[/url]

Cordiali Saluti.[/quote]
whatever you do do not give any info.this is all atempted fraud little better than the ex nigerian general who wants to split 7.000.000 dollars with you cancel it as spam or whatever.

[FONT="Comic Sans MS"][SIZE="5"][COLOR="Red"][B]IT'S A SCAM - [U]DON'T[/U] ANSWER IT. THEY WANT YOU TO SEND DETAILS OF YOUR POST OFFICE ACCOUNT (IF YOU HAVE ONE)[/B] [/COLOR][/SIZE][/FONT]

[B]They send these at ramdom from many banks in the hopes that they manage to catch at least some people with Post Office or other bank accounts. There are several spelling mistakes too - it is very poor italian. IT's simply 'phishing' see [URL="http://www.blogcatalog.com/discuss/entry/anybody-see-any-problem"][B]>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>><
Gentile Cliente,

[B][COLOR="red"]n[/COLOR][/B]ell'ambito di un progetto di verifica dei data anagrafici forniti durante la sottoscrizione dei
servizi di Posteitaliane e stata riscontrata una incongruenza relativa ai dati anagrafici in oggetto
da Lei forniti all momento della sottoscrizione contrattuale.

L'inserimento dei dati alterati puo costituire motivo di interruzione del servizio secondo
gli art. 135 e 137/c da Lei accettati al momento della sottoscrizione, oltre a costituire reato penalmente
perseguibile secondo il C.P.P [B][COLOR="Red"]ar.[/COLOR][/B]415 del 2001 relativo alla legge contro il riciclaggio e la [B][COLOR="Red"]transparenza[/COLOR][/B] dei
dati forniti in auto certificazione.

Per ovviare al problema e necessaria la verifica e l'aggiornamento dei dati relativi
[B][COLOR="Red"]all'anaagrafica[/COLOR][/B] dell'Intestatario dei servizi Postali.
[B][COLOR="Red"]Effetuare[/COLOR][/B] l'aggiornamento dei dati cliccando sul seguente collegamento sicuro:

[quote=Sebastiano;78941]whatever you do do not give any info.this is all atempted fraud little better than the ex nigerian general who wants to split 7.000.000 dollars with you cancel it as spam or whatever.[/quote]

You're kidding? This is spam? I thought I was going to be rich:madd: It is just as well I have the Swedish lottery win to fall back on:laughs:

Mark

Sorry Sebastian - we seem to have been responding at the same time with the same answer!

But at least the message will be understood.

Just to be boring for a moment (sorry!), there is an easy way to check if a message contains a real link or a forged one. I say forged, because whilst the text in the email may look as though it is sending you to a pukka web address of your bank, etc. The actual link embedded is sending you somewhere else.

So, the trick is to select and copy the link - then paste it into your browser so that you can actually see it. If it is sending you to a different address, don't go there. Do not click GO and do not collect £700,000,000! OK?

Hang on a minute, has anyonr clicked the link? Poor Italian or not, it's a genuine Poste Italiane link to their website. Check it out before before allowing paranoia to set in.

[url]https://bancopostaonline.poste.it/bpol/cartepre/formslogin.asp[/url]

Then, if you're still sceptical click this link, where you can read everything in plain English.

[url=http://www.poste.it/en/]Poste Italiane - Home page[/url]

We receive this message to, and have always assumed it was fraud. And if two experienced posters also think it is I tend to go with their opinion, especially as we have no PO accounts. So this leaves me with the somewhat worrying thought that Gabbi still thinks it to be genuine.?
A

Hi All
The best way to check is to look at the link address. we get emails from the halifax security dept ( laugh) and the link address reads like this halifax.bank.au.$^**......plus a load of other rubbish, if your still in doubt, go to their real main website and look at their "lastest news " section, if there are any new things you should know they will be listed here.

[quote=turtle;78938]No not at all Gabbi. I just wondered if someone else had had a similar e-mail. I registered with them as non resident and I didn't pay any bills. You can only pay bills if you have registered resident. Thanks for the reassurance though as to its authenticity.[/quote]

Just for info, we pay our Enel bill via standing order with the PO, and we are not residents (they still send our statements to our English address). However, we recently tried to set up a standing order for GAIA (water company) and that was not possible. Apparantly they can do Wind, Vodafone, etc, though.

Another way of looking at it is that no genuine self-respecting organisation will ask for this kind of information via e-mail. Isn't your bank always warning you to ignore such messages. We get this message and we have no online facilities with Poste Italiane so what can possibly happen if you bin it ?
Robert.

Don't worry, nothing will happen if you ignore/bin it. That link takes you to the log on page for the Poste Italiane website. If you have a membership/account then you enter your details (username and password) to log on. This type of email comes to you if you have ever 'registered' on the site before, even if you have never activated or used any of the facilities. It's a GENUINE link.

Well I am confused now. Surely such a large company would get their spelling right!!! And yet Gabbi says the link is genuine. Maybe I should conduct a poll!. I've binned the e-mail anyway. I usually do with similar Nationwide ones!!!

Sally, ever heard of [I]typogra[B]f[/B]ical[/I] errors? :bigergrin:

Oh you do have a way with words Gabbi but then you knnow that hence your name!!! lol

Errata - know

I've just got back from a wee trip away ... just in case there's still any confusion here's my tuppenceworth:

this is definitely a "phishing" email - albeit a pretty old one - i.e. not a genuine communication from Poste Italia. See this email's entry in [url=http://phishery.internetdefence.net/data/24167/1/]The Internet Defence Phishery[/url] for confirmation.

Basically, if html is turned on (... not a good idea but the default for Microsoft) then the html code in the dodgy email generates viewable text in the email client which appears to show a link to the secure login page of the website concrnend.

However, if you were to have clicked on the link wen this phishing scam was first launched you'd actually have been redirected to a dodgy webserver in the Czech republic. This would display a web page that looks just like the real bancoposta login page, but of course the details which you entered would actually have been sent to the criminals instead of the real bank. Very soon afterwards, they'd use the details you entered to access your account and clear it out.

So, it's worth repeating:

1. For maximum safety DON'T enable html in your email client unless you are quite sure of your ability to tell a scam from genuine (turning this off is different in every client but they should all hopefully have an option to do so).

2. NEVER click on a link in an email from any company which purports to take you to their login screen (or any other web page that requires you to enter your account/password or other security info).

3. If you REALLY believe the email to be genuine, check the [B]plain text [/B]undelying the html in the email body (as advised above by NickZ). Verify that the address shown in plain text is the same as that which was displayed in the link when originally viewed as html. If they match, that confirms that you're not being redirected without your knowledge - but it DOESN'T mean that the URL is neccessarily now genuine ... it may still just be something that looks very similar to the real thing at a glance, but is not genuine.

4. Take some obvious part of the email text which looks quite "unique" and paste it into google, with the whole bit of text enclosed in double quotation marks. then add a space after that and the word "phishing". Search on that - you are likely to find that the email has already been identified as a scam. eg. for this particular mail, I entered [B][I][COLOR="Blue"]"Oggetto: Comunicazione nr. 91258 del 5 Aprile 2007 - Leggere con attenzione" phishing[/COLOR][/I][/B] into google.

5. If the google search doesn't return anything, and you still have good reason to believe the mail to be genuine, contact the company directly (preferably by phone, or by emailing a previously known contact address) to check its authenticity before proceeding

6. if you are unable to contact them and you are absolutely convinced that you MUST urgently complete whatever transaction the email is telling you to do, then MANUALLY navigate to the login page of the company's website - DO NOT CLICK on the supplied link in the email; instead, follow your normal method for getting to the login page (from a shortcut or favourite or the url ORIGINALLY emailed to you when you opened the account). Then, login as normal ... IF (and its wildly unlikely) the email were genuine, THEN you'd be presented with some indication that they needed some info from you. Only at that pointwould you be safe to provide the info requested

Actually looking properly at the address - "Poste Italiane" It certainly isn't the real McCoy. That is [url]http://www.poste.it[/url] (They might as well have added impostas as their name though!!! lol)

[quote=pigro;78978]
However, if you were to have clicked on the link when this phishing scam was first launched you'd actually have been redirected to a dodgy webserver in the Czech republic. This would display a web page that looks just like the real bancoposta login page, but of course the details which you entered would actually have been sent to the criminals instead of the real bank. Very soon afterwards, they'd use the details you entered to access your account and clear it out.[/quote]
I take on board what you're say about if you had clicked the link when the scam was first launched, but no matter which way I log on to Poste Italiane I get the same pages as displayed in the link here. I can navigate around the whole site, clicking all the links and visit all the pages through the link and can find no differences between the link here and using any other direction to visit the Poste Italiane site.

I'm confused, is the link provided here by Sally, dodgy or genuine now?

Gabbi, I think the answer to your question is that these 'phishing' emails sometimes put the text address of a valid site in their emails, but the invisible code which drives the link is to a fake site; often one with a marginally (but crucially) different address to the one displayed, like the email address that Sally refers to.

Sally probably copied-and-pasted the text from the email and the forum software recognised it as a URL and put the link in, based on the text it saw. In other words, the link displayed on the Forums is probably to the genuine site, whereas the 'hidden' part of the link in Sally's original email was to the hoax site.

[quote=Gabbi;78987]I take on board what you're say about if you had clicked the link when the scam was first launched, but no matter which way I log on to Poste Italiane I get the same pages as displayed in the link here. I can navigate around the whole site, clicking all the links and visit all the pages through the link and can find no differences between the link here and using any other direction to visit the Poste Italiane site.

I'm confused, is the link provided here by Sally, dodgy or genuine now?[/quote]

Marc has more or less answered this already - the text that Turtle cut & pasted into her post shows the URL [I]as it would have been [B]seen[/B] when the original email was viewed as html[/I] .... it doesn't contain or show the [B]real [/B]URL that was actually in the original mail - so copying that text from T's post and pasting into a browser WILL take you to the bona fide site & you can navigate around it to your hearts content.

That is, [code]https://bancopostaonline.poste.it/bpol/cartepre/formslogin.asp[/code] is a real legitimate link to the real bancoposta login page, but clicking on the link in the original email would not have taken you there, you'd actually have gone to [code]http://www.lump.cz/bt/poste/[/code]

To (hopefully) clarify the "timing" bit I was referring to ... if you look at the link I gave in my earlier post (I named the link 'The Internet Defence Phishery') it tells you that the scam was first seen on 18th April 2007 @ 02:00. By 13:02 the same day, it had been recognised as a scam, and the faked web pages on the .cz URL above had been "taken down" by the authorities ... so, if you clicked on the link [B]within the original email[/B] in that brief 11 hour period, you'd have been directed to the dodgy site; since then, clicking on the link within the original email will just take you to a "page not found".

As always, when I try to make things clearer, I seem to end up obscuring them even more. Its a gift :-)

If this is an old, defunct scam why is the email still being sent and who is bothering to send it if there is no profit to be made?

I suppose the world is full of loonies!

last word from me ... it's quite possible that the same visible email text has been used in a new mailing, with a different underlying URL (i.e. one pointing to another phoney website thats waiting to grab your details) .. either by the original criminals or by a copy cat.

However, more likely that one of the many networks of hacked PC's which the criminals remotely control & use to launch these mass emails just threw a wobbler and resent an old scam by mistake - given the volume of "campaigns" they launch every day that would be no great surprise.

[COLOR=Blue] Originally Posted by [B]pigro[/B] [URL="http://www.italymag.co.uk/forums/general-chat-about-italy/8431-genuine-spam-post78978.html#post78978"][IMG]http://www.italymag.co.uk/forums/images/italymag/buttons/viewpost.gif[/IMG][/URL][/COLOR]
[I][COLOR=Blue]However, if you were to have clicked on the link when this phishing scam was first launched you'd actually have been redirected to a dodgy webserver in the Czech republic. This would display a web page that looks just like the real bancoposta login page, but of course the details which you entered would actually have been sent to the criminals instead of the real bank. Very soon afterwards, they'd use the details you entered to access your account and clear it out.[/COLOR][/I]

Even if the link was false and it looked like a real bancoposta site surely those of you who use a credit card and anything financial on the internet look for:

1) https (encrypted) type address rather than http in the address bar (non encrypted)

2) The most important thing the security certificate that is displayed in the browser. (padlock icon)

No Bank or even utility bill will ever ask for details in an email

[quote=chillout;78999]
Even if the link was false and it looked like a real bancoposta site surely those of you who use a credit card and anything financial on the internet look for:

1) https (encrypted) type address rather than http in the address bar (non encrypted)

2) The most important thing the security certificate that is displayed in the browser. (padlock icon)[/quote]

to save time & my fingers, I've cut & pasted the below from wikipedia's "phishing" entry ... so not really any more words from me (unless you count this sentence!):

[I]Website forgery

Once the victim visits the website the deception is not over.[34] Some phishing scams use JavaScript commands in order to alter the address bar. This is done either by placing a picture of a legitimate URL over the address bar, or by closing the original address bar and opening a new one with the legitimate URL.[35]

An attacker can even use flaws in a trusted website's own scripts against the victim.[36] These types of attacks (known as cross-site scripting) are particularly problematic, because they direct the user to sign in at their bank or service's own web page, where everything from the web address to the security certificates appears correct. In reality, the link to the website is crafted to carry out the attack, although it is very difficult to spot without specialist knowledge. Just such a flaw was used in 2006 against PayPal.[37]

A Universal Man-in-the-middle Phishing Kit, discovered by RSA Security, provides a simple-to-use interface that allows a phisher to convincingly reproduce websites and capture log-in details entered at the fake site.[/I]

I retrieved from the bin my yahoo.com address the e-mail. I have looked at the code of it and yes unequivocally it's spam. Have a look.

[IMG]http://i188.photobucket.com/albums/z294/sallydonaldson/screenshot_2-10.jpg[/IMG]

Absolutely correct Pigro,

It goes without mentioning that you must be using a browser that has anti-phishing tools (IE and FF have them) and some kind of internet security (such as Norton)that notices malicious activity.

There are normally signs though before actually clicking any links. In this case the email is a dead giveaway to anyone who has a bancaposte account.

No bank will ever send you an email stating that they will suspend your account unless you click a link to confirm some details.

Perhaps a recorded delivery letter to your home address is more likely asking you to visit your branch.

A good site to visit for more info on phishing is [URL="http://www.antiphishing.org/"][COLOR=#810081]Anti-Phishing Working Group[/COLOR][/URL]

[quote=Marc;78990]Gabbi, I think the answer to your question is that these 'phishing' emails sometimes put the text address of a valid site in their emails, but the invisible code which drives the link is to a fake site; often one with a marginally (but crucially) different address to the one displayed, like the email address that Sally refers to.

Sally probably copied-and-pasted the text from the email and the forum software recognised it as a URL and put the link in, based on the text it saw. In other words, the link displayed on the Forums is probably to the genuine site, whereas the 'hidden' part of the link in Sally's original email was to the hoax site.[/quote]
Phew! Everythings clear now. Thanks.

Well, I was too busy yesterday and I was unable to see what was going on in the Forum!!! I really missed all the fun. Anyway, Sally, forget about the message. I receive an average of 3-4 similar messages every week from a variety of Spanish banks which all look very genuine with loggos and the works... They are not. The Spanish police has warned about this and the banks have asked their clients not to reply to any mail as they will never send anything of that sort by email. So do not answer and disregard similar types of email. If still in doubt, contact the bank or institution directly. Cheers,

Leading on from this question, it is worth pointing out that you should always check that the website you think you are visiting is the real one. It is very easy to do in your web browser - just keep an eye on what is displayed in the bottom left cormer of the main window. It should display the real website link as soon as you hover over it. Try it... [URL="http://www.newsnow.co.uk/newsfeed/?name=Italy"]http://www.google.com[/URL] ... or even here ... [URL="http://www.telegraph.co.uk/"]http://www.bbc.co.uk[/URL] ... You see how easy it is to misdirect? Of course, with a link in an email, it is not easy to actually see the real link - you need to either view source or select the link manually, then copy and paste (as Turtle did originally). This will give you the link you THINK you are being directed to, not the fake one.

What you see is not always what you get!