Summary:
In recent weeks, targeted phishing campaigns have intensified against clients of the Intesa SanPaolo bank, utilizing compromised Certified Email (PEC) accounts. These malicious emails aim to steal banking credentials and electronic card data by prompting users to click on links leading to fraudulent pages that mimic the bank’s login interface. The use of PEC accounts for such attacks has made them more credible and harder to detect. Vigilance and awareness of phishing threats are crucial for protecting personal data.
#PhishingAttacks #EmailSecurity #BankingFraud
In recent weeks, targeted phishing campaigns have intensified against clients of the Intesa SanPaolo bank, utilizing compromised Certified Email (PEC) accounts. These malicious emails aim to steal banking credentials and electronic card data by prompting users to click on links leading to fraudulent pages that mimic the bank’s login interface. The use of PEC accounts for such attacks has made them more credible and harder to detect. Vigilance and awareness of phishing threats are crucial for protecting personal data.
#PhishingAttacks #EmailSecurity #BankingFraud
Keypoints:
Targeted phishing campaigns are increasing against Intesa SanPaolo bank clients.
Malicious emails originate from compromised Certified Email (PEC) accounts.
The emails request users to update their banking device to avoid service disruption.
Links in the emails direct victims to fraudulent login pages designed to steal credentials.
Victims are also prompted to provide electronic card data on these fraudulent pages.
The use of PEC accounts enhances the credibility of these phishing attacks.
Countermeasures are being implemented by CERT-AGID with support from PEC managers.
IoCs related to the campaign have been shared with PEC managers and accredited entities.
Staying vigilant and cautious about suspicious communications is essential for data protection.
Users should report suspicious communications to malware@cert-agid.gov.it.
MITRE Techniques
Phishing (T1566): Utilizes deceptive emails to trick users into providing sensitive information.
Credential Dumping (T1003): Captures and exfiltrates user credentials from compromised systems.
Exploitation of Public-Facing Application (T1190): Targets users through fraudulent web applications that mimic legitimate services.
IoC:
[email] malware@cert-agid.gov.it
[url] fraudulent login page designed to imitate Intesa SanPaolo
[others] compromised Certified Email (PEC) accounts
Full Research: https://cert-agid.gov.it/news/caselle-pec-sempre-piu-usate-nel-phishing-per-le-frodi-bancarie/