Phishing attacks targeting Posta Romana and EuPlatesc users are currently ongoing. The attack starts with an email message with the subject “Support Aveți un pachet de intrare” (“Support You have an incoming package”).
Network used to deliver phishing emails:
Email headers: https://mxtoolbox.com/Public/Tools/EmailHeaders.aspx?huid=d7aaaaba-8aab-4204-971d-90809853531d
X-Originating-Ip: 23.251.232.2
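Message (original Romanian text): Aveți un pachet de intrare
Un pachet a fost expediat către dumneavoastră și este nevoie de atenția dumneavoastră.
vă rugăm să completați cu exactitate formularele solicitate.
Message (English translation): You have an incoming package
A package has been shipped to you and requires your attention.
Please fill in the requested forms accurately.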
The initial page loads content from the following official pages:
https://www.posta-romana.ro/cnpr-app/gethumb.php?id=3201&w=306&h=210&ext=png&aw=200
https://www.posta-romana.ro/cnpr-app/modules/completeaza-formulare/interface/formular-mandat/ajax/getJudete.php
https://www.posta-romana.ro/cnpr-app/modules/completeaza-formulare/interface/formular-mandat/ajax/getLocalitatiExp.php
https://www.posta-romana.ro/cnpr-app/modules/completeaza-formulare/interface/formular-mandat/ajax/getStradaExp.php
The second page asks visitors to submit credit card details for a small payment.
Official resources loaded from EuPlatesc:
https://secure.eupayment.eu/favicon.ico
https://secure.euplatesc.ro/tdsprocess/tpl-v17/js/bootstrap.min.js
https://secure.euplatesc.ro/tdsprocess/img/langpic/ro.png
https://secure.euplatesc.ro/tdsprocess/img/pci-logo.png
If you receive a phishing email, you should report it as soon as possible:
1. Google Safe Browsing https://safebrowsing.google.com/safebrowsing/report_phish/?hl=en
2. Netcraft https://report.netcraft.com/report
3. Microsoft https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site-guest
4. PhishTank https://phishtank.org
Forward phishing email to: [email protected].
Malicious URLs:
hxxps://posta-romana.eldahaby[.]co/receptie-pachet
hxxps://posta-romana.eldahaby[.]co/tdsprocess/checkout_plus
hxxps://posta-romana[.]ml/tdsprocess/checkout_plus
hxxps://servici-posta.hostpanzer[.]com/tdsprocess/checkout_plus
hxxps://posta-romana.blackgames[.]ro/receptie-pachet
hxxps://posta-romana.blackgames[.]ro/tdsprocess/checkout_plus
More URLs via urlscan.io:
https://urlscan.io/search/#page.url%3A%22receptie-pachet%22
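Both phishing pages described above pull images and scripts from the real Posta Romana and EuPlatesc servers while being hosted elsewhere, and that mismatch can be checked mechanically. The following Python sketch is an added example, not part of the original analysis: it flags a page load whose host is not an official domain but which hotlinks official assets or uses one of the paths listed above. The parent domains in OFFICIAL are an assumption derived from the hosts on this page, and the pairing of page and resources in the sample is constructed.

```python
from urllib.parse import urlsplit

# Assumption: parent domains derived from the official resource hosts listed on this page.
OFFICIAL = {
    "Posta Romana": {"posta-romana.ro"},
    "EuPlatesc": {"euplatesc.ro", "eupayment.eu"},
}
# Paths seen in the malicious URLs listed on this page.
LURE_PATHS = ("/receptie-pachet", "/tdsprocess/checkout_plus")

def refang(url):
    """Undo hxxp / [.] defanging so the URL can be parsed (it is never fetched)."""
    url = url.strip().replace("[.]", ".")
    return "http" + url[4:] if url.lower().startswith("hxxp") else url

def host_of(url):
    return (urlsplit(refang(url)).hostname or "").lower().rstrip(".")

def brand_of(host):
    """Brand whose official domain equals host or is a dot-bounded parent of it."""
    for brand, domains in OFFICIAL.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return brand
    return None

def assess(page_url, resource_urls):
    """Return findings for one page load; an empty list means nothing was flagged."""
    if brand_of(host_of(page_url)):
        return []  # the page itself is served from an official domain
    findings = []
    borrowed = sorted({b for b in map(brand_of, map(host_of, resource_urls)) if b})
    if borrowed:
        findings.append("hotlinks official assets: " + ", ".join(borrowed))
    path = urlsplit(refang(page_url)).path.rstrip("/")
    if path.endswith(LURE_PATHS):
        findings.append("lure path: " + path)
    return findings

if __name__ == "__main__":
    # Constructed sample: one listed URL paired with two of the listed official resources.
    page = "hxxps://posta-romana.blackgames[.]ro/receptie-pachet"
    resources = [
        "https://www.posta-romana.ro/cnpr-app/gethumb.php?id=3201&w=306&h=210&ext=png&aw=200",
        "https://secure.euplatesc.ro/tdsprocess/img/pci-logo.png",
    ]
    for finding in assess(page, resources):
        print(finding)
```

The resource list can come from a proxy log or a urlscan.io result; the dot-bounded suffix match is what keeps hosts such as posta-romana.blackgames[.]ro from being treated as official.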