Subito phishing page detected

Subito.it Classifieds Phishing – Fake “Secure Funds Receipt” Scam (Italian Variant)

This phishing campaign impersonates Subito.it, the most widely used classified advertisements platform in Italy. The scam targets sellers by creating a fake “order” page that claims a buyer has initiated a purchase, then directs the seller to a card harvesting page under the pretext of “receiving funds securely.”

How it works:
A seller receives a message—likely via Subito’s messaging system, SMS, or other chat app—from a supposed buyer claiming to have paid for the item. The message includes a link to the first phishing page.

Step 1 – Fake Order Confirmation Page
The first page displays:

  • Subito branding and a product listing (in this case, a Samsung Galaxy Watch)
  • A price in euros (€130) plus shipping
  • Payment method logos (Visa, PayPal, etc.) to appear legitimate
  • Order details including the buyer’s name and the item
  • A prominent button implying the seller can securely receive funds

The page mimics Subito’s official interface, giving the impression that the transaction is already in progress.

Step 2 – Credit Card Harvesting Page with Fake Chat Support
After clicking the button, the seller is taken to a second page that:

  • Requests full credit card number, expiration date, and CVC
  • Displays the same transaction amount and a reference number
  • Includes a fake chat support window with a pre-written message that claims to be from Subito, explaining that the package has been paid for and that the seller must enter card details to verify their identity and confirm the payment. It falsely states that the site is protected by end-to-end encryption.

The goal:
The attacker steals the seller’s credit card details. There is no actual buyer or payment—the entire transaction is fabricated. The fake chat window is designed to answer objections and pressure the seller into completing the card form.

Red flags to watch for:

  • Illogical request for card details: A seller receiving money should never be asked to enter their credit card number, expiry date, and CVC. Receiving funds requires bank account details (IBAN) or a linked payout method—not card credentials.
  • Fake chat support: The embedded chat window is not a live support feature but a scripted message. Legitimate Subito transactions do not include a pop-up chat that explains payment procedures on a third-party page.
  • Suspicious URL: The pages are hosted on a domain that is not subito.it. Always check the address bar before entering any information.
  • No login required: A legitimate sale on Subito would appear in the seller’s account dashboard after logging in. This scam bypasses account authentication entirely.
  • Generic payment form: The second page lacks integration with Subito’s actual payment system (Tantum) and does not display the expected security indicators of a legitimate checkout page.
  • Pressure to act: The combination of a realistic product price (€130) and the fake chat’s reassuring tone is designed to lower the seller’s guard and encourage quick action.
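The red flags above can be turned into a simple triage check for a captured page. The following is an added example (not code from the original write-up or from Subito): it scores a page URL and its HTML against three of the signals described, Subito branding served from a domain that is not subito.it, a card-number/expiry/CVC form on a "receive funds" page, and the scripted chat lure. The host name and HTML are constructed to imitate the stage-2 page and are not real indicators from the campaign.

```python
import re
from urllib.parse import urlparse

# Constructed imitation of the stage-2 page described above (hypothetical host, not a real IoC).
SAMPLE_URL = "https://subito-ricevi-fondi.example/pagamento?ref=783921"
SAMPLE_HTML = """
<title>Subito - Ricevi i fondi in sicurezza</title>
<form method="post" action="/conferma">
  <input name="card_number"> <input name="scadenza"> <input name="cvc">
</form>
<div class="chat">Assistenza Subito: il pacco è stato pagato. Inserisci i dati della carta
per verificare la tua identità. Il sito è protetto da crittografia end-to-end.</div>
"""

# Input names typically used for card number, expiry and CVC (Italian and English).
CARD_FIELD = re.compile(r'name=["\']?(card|cc_|pan|numero.?carta|scadenza|exp|cvc|cvv)', re.I)
# Phrases from the scripted "support chat" lure described above.
CHAT_LURE = re.compile(r"end.to.end|inserisci i dati della carta|verificare la tua identit", re.I)
# A "receive funds" pretext on the same page as the card form.
RECEIVE_LURE = re.compile(r"ricevi.{0,20}fondi|receive.{0,20}funds", re.I)


def is_subito_host(host: str) -> bool:
    """True only for subito.it itself or a real subdomain (not subito.it.evil.example)."""
    return host == "subito.it" or host.endswith(".subito.it")


def assess_page(url: str, html: str) -> dict:
    """Score one captured page against the red flags listed above."""
    host = (urlparse(url).hostname or "").lower()
    text = html.lower()
    flags = {
        # Subito branding served from a domain Subito does not control
        "brand_off_domain": "subito" in text and not is_subito_host(host),
        # A seller-side "receive funds" flow that asks for card number / expiry / CVC
        "card_form_on_receive_page": bool(CARD_FIELD.search(html)) and bool(RECEIVE_LURE.search(html)),
        # Scripted chat text matching the lure described above
        "fake_chat_lure": bool(CHAT_LURE.search(html)),
    }
    score = sum(flags.values())
    if flags["brand_off_domain"] and score >= 2:
        verdict = "phishing"
    else:
        verdict = "suspicious" if score else "ok"
    return {"host": host, "flags": flags, "verdict": verdict}


if __name__ == "__main__":
    print(assess_page(SAMPLE_URL, SAMPLE_HTML))
```

A page hosted on subito.it that merely shows a seller's dashboard scores "ok"; the constructed stage-2 page trips all three flags and is reported as "phishing".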

What to do if you encounter this:

  • Do not click any buttons promising to “receive” funds.
  • Do not enter your credit card details, expiry date, or CVC on such pages.
  • If you are selling on Subito, always log into your account directly (by typing subito.it into your browser) to check for real sales and messages.
  • Never trust links sent by buyers claiming they have paid—especially those directing you to external pages.
  • If you have already entered your credit card details, contact your bank immediately to block the card and dispute any unauthorized charges.
  • Report the phishing page to Subito’s support team.

Why this scam is effective:
Subito.it is Italy’s dominant classified platform, with millions of users. Sellers are accustomed to receiving messages about their listings and may not suspect a link that appears to show a legitimate order confirmation. The fake chat support window adds a layer of “customer service” that can convince hesitant victims. The €130 price point for a Samsung Galaxy Watch is realistic, making the scam plausible.

Protective measures:

  • Always verify any sale by logging directly into your Subito account—never through a link sent in a message.
  • Never enter credit card details to receive payment. Sellers provide payout details (bank account) during account setup; payments are processed automatically.
  • Be suspicious of any page that includes a pop-up chat window claiming to explain a payment process—legitimate platforms do not use such tactics on external pages.
  • If a buyer sends you a link to “claim” payment, treat it as a red flag and verify directly through the platform’s official app or website.
  • Enable two-factor authentication (2FA) on your email and any linked payment accounts.
