Phishing via SMS

Hi everyone!

Yesterday, 23-05-2018, at 3:54 PM, I received an SMS on my personal mobile phone with the following text (translated from Italian):

Gruppo ISP:
Banca Intesa San Paolo
invites you to urgently
validate your telephone
number at the following link:
https://bit.ly/ConvalidaGruppoIntesa

It immediately caught my attention: first because the link is shortened, and second because I'm not an ISP (Intesa San Paolo) customer.

Anyway, let's check where this link redirects the user, along with some click statistics.

The trick consists of adding a plus sign to the end of the shortened URL, which gives:
https://bitly.com/ConvalidaGruppoIntesa+

This is pretty impressive: 885 clicks, all redirected to https://convalida-recapito-intesasanpaolo.com/
I immediately checked the URL on VirusTotal; the analysis is available at the following address:
https://www.virustotal.com/#/url/572102561f5067f2676f8f6e9bcc6b97cda702185944d59d0f623bf1169f1a3e/detection

This page then redirects to:
https://www.postinaperandare2016.it/intesasanpaolo-convalida/ (no longer valid at the time of writing)

Here is the analysis:
https://www.virustotal.com/#/url/213e2faf7998d2e32f1fa3ab94fc27b1a6befabb9510856f24fef63d7038fdb8/detection
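
The checks walked through above (spotting the shortened link, building the Bitly `+` info URL, and noticing the bank's name on domains that are not the bank's) can be scripted for triage. This is an added example, not code from the original post; the `BITLY_HOSTS` set, the `BRANDS` mapping with `intesasanpaolo.com` as the legitimate domain, and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit

# Assumptions (not from the post): Bitly hostnames to recognise, and the
# brand keyword mapped to the domain the analyst considers legitimate.
BITLY_HOSTS = {"bit.ly", "bitly.com"}
BRANDS = {"intesasanpaolo": "intesasanpaolo.com"}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def extract_urls(text):
    """Pull http(s) URLs out of a message, trimming trailing punctuation."""
    return [u.rstrip(".,;:)") for u in URL_RE.findall(text)]

def bitly_info_url(url):
    """Short link + '+' gives the Bitly info page; None if not a Bitly link."""
    parts = urlsplit(url)
    slug = parts.path.strip("/")
    if (parts.hostname or "").lower() not in BITLY_HOSTS or not slug:
        return None
    return f"https://bitly.com/{slug.rstrip('+')}+"

def impersonated_brand(url):
    """Return the brand keyword found in host or path of a non-official domain."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    # Drop separators so 'intesa-san-paolo' style variants still match.
    squashed = re.sub(r"[^a-z0-9]", "", host + parts.path.lower())
    for keyword, official in BRANDS.items():
        on_official = host == official or host.endswith("." + official)
        if keyword in squashed and not on_official:
            return keyword
    return None

def triage(urls):
    """Label each URL with the red flags discussed in the post."""
    checks = (("shortened", bitly_info_url), ("brand-lookalike", impersonated_brand))
    return [(u, [name for name, check in checks if check(u)]) for u in urls]

# Sample input: abridged SMS text plus the two hops recorded in the post.
SMS = "validate at the following link: https://bit.ly/ConvalidaGruppoIntesa"
CHAIN = extract_urls(SMS) + [
    "https://convalida-recapito-intesasanpaolo.com/",
    "https://www.postinaperandare2016.it/intesasanpaolo-convalida/",
]
if __name__ == "__main__":
    for url, flags in triage(CHAIN):
        print(url, flags, bitly_info_url(url) or "")
```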

Today these two phishing pages no longer exist, but I was able to find screenshots on https://www.phishtank.com/:
1) https://www.phishtank.com/phish_detail.php?phish_id=5650035
2) https://www.phishtank.com/phish_detail.php?phish_id=5650051



So you can understand what could happen to your ISP credentials!

This article is intended to help you understand the dangers of the web, so be careful.