Advisory of 05/11/2016

Today we draw your attention to a new email circulating on the net as a phishing attempt.

In this email the “fisherman” poses as BancoPosta of Poste Italiane, and we can see right away that the sender of this message is foreign, because the heading itself already contains an error.

BancoPostaOnline: Avisso importante  [“Important notice”; “Avviso” is misspelled]

The message carries a reply address:

From: "BPOL@poste.it"  <nvomrplzgd@postel.it>

which points to the site:

<root@reserve.goomet.com>

which we can see is registered in Japan:

 Whois goomet.com
Domain Name: goomet.com
Domain ID: 1606625436_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.discount-domain.com
Registrar URL: http://www.onamae.com
Updated Date: 2016-06-30T00:00:00Z
Creation Date: 2010-07-15T00:00:00Z
Registrar Registration Expiration Date: 2017-07-15T00:00:00Z
Registrar: GMO INTERNET, INC.
Registrar IANA ID: 49
Registrar Abuse Contact Email: abuse@gmo.jp
Registrar Abuse Contact Phone: +81.337709199
Domain Status: ok https://icann.org/epp#ok
Registrant ID: Not Available From Registry
Registrant Name: wurijin zhao
Registrant Organization: eicosha
Registrant Street: 1-3-26 Iizuka
Registrant Street: abenyu-kawaguchi202
Registrant City: Kawaguchi-shi
Registrant State/Province: Saitama
Registrant Postal Code: 332-0023
Registrant Country: JP
Registrant Phone: +81.482506262
Registrant Phone Ext:
Registrant Fax: +81.482505116
Registrant Fax Ext:
Registrant Email: aizawa@eicosha.com
Admin ID: Not Available From Registry
Admin Name: Wurijin Zhao
Admin Organization: eicosha
Admin Street: 1-3-26 Iizuka
Admin Street: abenyu-kawaguchi202
Admin City: Kawaguchi-shi
Admin State/Province: Saitama
Admin Postal Code: 332-0023
Admin Country: JP
Admin Phone: +81.482506262
Admin Phone Ext:
Admin Fax: +81.482505116
Admin Fax Ext:
Admin Email: aizawa@eicosha.com
Tech ID: Not Available From Registry
Tech Name: GMO Internet, Inc.
Tech Organization: GMO Internet, Inc.
Tech Street: 26-1 Sakuragaoka
Tech Street: Cerulean Tower
Tech City: Shibuya-ku
Tech State/Province: Tokyo
Tech Postal Code: 150-8512
Tech Country: JP
Tech Phone: +81.334648727
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: admin@onamae.com
Name Server: 01.dnsv.jp
Name Server: 02.dnsv.jp
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2016-06-30T00:00:00Z <<<

The message is very simple:

PosteItaliane

Dear xxxxx@xxxx.xx,

Warning! Access Blocked.
Access to your Internet Banking service has been temporarily suspended.
Confirm your identity here>

PosteItaliane

It invites us to fix a blocked-access problem by clicking on a link that, instead of BancoPosta, would take us to this domain:

ashlmy.com

Whois ashlmy.com

Domain Name: ASHLMY.COM
Registry Domain ID: 1912704246_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.godaddy.com
Registrar URL: http://www.godaddy.com
Update Date: 2016-03-24T12:39:29Z
Creation Date: 2015-03-24T02:08:25Z
Registrar Registration Expiration Date: 2017-03-24T02:08:25Z
Registrar: GoDaddy.com, LLC
Registrar IANA ID: 146
Registrar Abuse Contact Email: abuse@godaddy.com
Registrar Abuse Contact Phone: +1.4806242505
Domain Status: clientTransferProhibited http://www.icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited http://www.icann.org/epp#clientUpdateProhibited
Domain Status: clientRenewProhibited http://www.icann.org/epp#clientRenewProhibited
Domain Status: clientDeleteProhibited http://www.icann.org/epp#clientDeleteProhibited
Registry Registrant ID: Not Available From Registry
Registrant Name: Ash Lam
Registrant Organization:
Registrant Street: hk
Registrant City: hk
Registrant State/Province: hk
Registrant Postal Code: hk
Registrant Country: HK
Registrant Phone: +852.93175967
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: ashhhhhh@gmail.com
Registry Admin ID: Not Available From Registry
Admin Name: Ash Lam
Admin Organization:
Admin Street: hk
Admin City: hk
Admin State/Province: hk
Admin Postal Code: hk
Admin Country: HK
Admin Phone: +852.93175967
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: ashhhhhh@gmail.com
Registry Tech ID: Not Available From Registry
Tech Name: Ash Lam
Tech Organization:
Tech Street: hk
Tech City: hk
Tech State/Province: hk
Tech Postal Code: hk
Tech Country: HK
Tech Phone: +852.93175967
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: ashhhhhh@gmail.com
Name Server: NS1.ASHLMY.COM
Name Server: NS2.ASHLMY.COM
DNSSEC: unsigned
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2016-11-06T09:00:00Z <<<
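
An added example, not part of the original advisory: Python code automating the two checks walked through above, the From header whose display name shows one address while the real one sits on a look-alike domain, and the link that lands outside the bank's domain. The brand domain `poste.it`, the function names and the `http://` form of the link are assumptions made for illustration.

```python
import re
from email.utils import parseaddr
from urllib.parse import urlparse

BRAND_DOMAIN = "poste.it"  # assumption: domain the genuine sender would use

# Values quoted in the advisory; the URL scheme and path are constructed.
SAMPLE_FROM = '"BPOL@poste.it"  <nvomrplzgd@postel.it>'
SAMPLE_LINK = "http://ashlmy.com/"


def edit_distance(a, b):
    """Levenshtein distance, used to spot look-alike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def is_brand_host(host, brand=BRAND_DOMAIN):
    """True only for the brand domain itself or one of its subdomains."""
    host = (host or "").lower().strip(".")
    return host == brand or host.endswith("." + brand)


def check_from(header, brand=BRAND_DOMAIN):
    """Return findings for a From header value."""
    findings = []
    display, address = parseaddr(header)
    real = address.rsplit("@", 1)[-1].lower()
    # An address typed into the display name is what the recipient sees first.
    shown = re.search(r"[\w.+-]+@([\w.-]+)", display)
    if shown and shown.group(1).lower() != real:
        findings.append("display-name-address-mismatch")
    if not is_brand_host(real, brand) and edit_distance(real, brand) <= 2:
        findings.append("lookalike-domain")
    return findings


def check_link(url, brand=BRAND_DOMAIN):
    """Flag a link whose host is not the brand domain or a subdomain of it."""
    return [] if is_brand_host(urlparse(url).hostname, brand) else ["link-off-brand"]


if __name__ == "__main__":
    print(check_from(SAMPLE_FROM))
    print(check_link(SAMPLE_LINK))
```
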

As you can see from the above, “phishing” emails are, for many people, those “illegal” activities aimed at “hooking” people who are naive or ignorant in the benign sense of the term (someone who does not know).

Always keep a watchful eye on every email you receive, especially those that at first glance may appear legitimate and sent by known senders. Remember that it is good practice never to access your financial accounts from an email, but always to log in by typing the correct address provided by your financial institution and checking that the address shows the secure https connection.