
This screenshot shows a phishing page impersonating Poste Italiane (PostePay), targeting Italian customers. The page asks for an unusual combination of information—username, password, phone number, and even an “approximate balance”—which is a clear sign of a scam designed to steal account credentials and gather intelligence for fraud.
Threat Analysis: Poste Italiane Phishing – Credential & Account Data Harvesting
This phishing campaign impersonates Poste Italiane, specifically its PostePay service (a popular prepaid card and digital payment system in Italy). The page mimics the login interface but adds extra fields to collect more sensitive information.
How it works:
The victim receives a phishing email, SMS, or other message claiming a security alert, account issue, or the need to verify their information. The link leads to this fake PostePay login page. The victim is asked to enter:
- Username
- Password
- Phone number
- “Saldo approssimativo” (approximate balance)
After filling in these fields and clicking “AVANTI” (Next), all the data is captured and sent to the attacker.
The goal:
The attacker aims to:
- Steal the victim’s PostePay login credentials (username and password)
- Obtain the victim’s phone number for SMS‑based fraud (SIM swapping, intercepting 2FA codes)
- Learn the approximate account balance to assess the victim’s value and tailor further scams
With this information, the attacker can log into the victim’s PostePay account, transfer funds, make purchases, or use the phone number for identity theft.
Red flags to watch for:
- Suspicious URL: The page is hosted on a domain that is not poste.it or any official Poste Italiane domain. Legitimate PostePay login is accessed through the official website or app. Always check the address bar.
- Request for phone number and balance: A legitimate login page never asks for your phone number or account balance. These are internal data that the bank already knows. Their presence on a login form is a strong indicator of a phishing page.
- Poor design and unprofessional layout: The page has a simplistic design, inconsistent spacing, and lacks the full navigation, security notices, and personalization found on the real PostePay portal.
- Unsolicited login request: Poste Italiane does not send emails or messages with links requiring customers to log in to resolve account issues.
What to do if you encounter this:
- Do not enter your username, password, phone number, or balance on this page.
- If you are a Poste Italiane customer, always access PostePay by typing poste.it directly into your browser or by using the official PostePay mobile app.
- If you have already entered your credentials, change your PostePay password immediately and enable two‑factor authentication (2FA) if available. Contact Poste Italiane’s fraud department to secure your account.
- Report the phishing page to Poste Italiane (e.g., by forwarding the original message to [email protected]).
Why this scam is effective:
PostePay is widely used in Italy, and many customers are familiar with its login interface. The extra fields (phone number, balance) may seem like additional “security” or “verification” steps to unsuspecting users. The threat of account suspension or a security issue creates urgency, making victims more likely to enter the requested information without carefully checking the URL.
Protective measures:
- Bookmark the official Poste Italiane login page and use that bookmark to access your account—never click links in emails or messages.
- Use a password manager: It will autofill only on legitimate poste.it domains, not on phishing sites.
- Never provide your phone number or account balance on a login page. The bank already has this information.
- Enable two‑factor authentication (2FA) on your PostePay account if available, to add an extra layer of protection.
- Be suspicious of any unsolicited message that creates urgency and asks you to log in to your account.
- Check the URL carefully: Legitimate Poste Italiane domains end with poste.it. Look for misspellings, extra words, or unusual top‑level domains.
- If in doubt, contact Poste Italiane directly using a phone number from your bank statement or the official website—never use contact information provided in a suspicious message.
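
The URL check described above, as an added example that is not part of the original analysis: a plain "ends with poste.it" test would accept a host such as `example-poste.it`, so this sketch compares on a label boundary and ignores anything before an `@`. The sample URLs are constructed, and requiring HTTPS is an assumption of the example.

```python
from urllib.parse import urlsplit

# The only domain the analysis names as legitimate.
OFFICIAL_DOMAIN = "poste.it"


def is_official_poste_url(url: str) -> bool:
    """True only if the URL's host is poste.it itself or a subdomain of it."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # excludes userinfo ("user@") and port
    except ValueError:
        return False  # malformed URL
    if parts.scheme != "https" or not host:  # HTTPS requirement: assumption
        return False
    host = host.rstrip(".").lower()
    try:
        # Normalise internationalised names so homoglyph hosts become
        # "xn--..." labels and can never compare equal to the ASCII name.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Exact match, or a match that starts on a label boundary (".poste.it").
    return host == OFFICIAL_DOMAIN or host.endswith("." + OFFICIAL_DOMAIN)


# Constructed samples illustrating common lookalike shapes.
SAMPLES = [
    "https://www.poste.it/",             # official domain
    "https://poste.it.login.example/",   # official name used as a subdomain
    "https://poste.it@login.example/",   # official name placed in userinfo
    "https://example-poste.it/",         # extra word glued to the name
    "https://p\u043este.it/",            # Cyrillic "о" homoglyph
]


def triage(urls):
    """Map each URL to True (official host) or False (treat as suspicious)."""
    return {u: is_official_poste_url(u) for u in urls}


if __name__ == "__main__":
    for url, ok in triage(SAMPLES).items():
        print("official  " if ok else "SUSPICIOUS", url.encode("unicode_escape").decode())
```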
