Our 'Beware of scams!' campaign

Online card payments are fast and convenient, as are bank transfers and other transactions carried out via apps or home banking. However, scammers are constantly trying to steal the PINs and passwords we use. The Bank of Italy, in partnership with consumer associations, has launched a 'Beware of scams!' campaign. The campaign will raise awareness about the most insidious e-payment scams, how to avoid them and what protection tools we can use.

The campaign focuses on three types of scams: phishing, spoofing and man in the browser.

Phishing

How it works

You receive an email from a seemingly trustworthy sender, such as someone you know. The email tells you to click on a link, scan a QR code or something similar in order to avoid negative consequences. If you comply, you are then asked to enter confidential data, such as the username and password for accessing your home banking, or your credit card number and validation code.

Fraudsters also try to carry out similar scams via text; this type of scam is called smishing. They can also do it over the phone, which is known as vishing.

How to protect yourself

  • Never share your data, password and codes.
  • Never click on links or scan QR codes from dubious emails.
  • Always check your bank statement: contact your bank immediately and have your card blocked if you notice any anomalies, such as payments you did not make.
  • Set up the sms alert service, which immediately tells you about every e-payment made.

Spoofing

How it works

You receive an email, a text or a phone call, supposedly from your bank.

How to protect yourself

  • Read the email carefully. Watch out for any grammar mistakes, payment requests, links and QR codes.
  • If you are on the phone, hang up when they tell you that there are problems with strangers trying to access your account, a cyber-attack, a card block or a home banking malfunction. Then contact your bank immediately through the official channels.
  • Always check your bank statement: contact your bank immediately and have your card blocked if you notice any anomalies, such as payments you did not make.
  • Never share your data, password and codes.
  • Set up the sms alert service, which immediately tells you about every e-payment made.

Be careful! Your bank will never ask its customers for their username, password and codes over the phone, via email, text, WhatsApp or any other texting apps. Never share these data, otherwise you may not be entitled to reimbursement of any money that is stolen from you. If you share these data, you are facilitating scams.

Man in the browser

How it works

The scammer intercepts the data you enter. They can do it, for instance, through a virus that infiltrates your browser (the software you use to surf the web); the virus can modify transactions or web pages in real time.

How to protect yourself

  • Install an antivirus and keep it updated.
  • Never access your home banking through public wi-fi service.
  • Always check your bank statement: contact your bank immediately and have your card blocked if you notice any anomalies, such as payments you did not make.
  • Set up the sms alert service, which immediately tells you about every e-payment made.

What to do if you have been scammed

  1. Report any unauthorized transactions to your bank and ask for reimbursement.
  2. If the bank refuses to reimburse you and you believe you behaved correctly, you can submit a written complaint.
  3. If the bank doesn't reply within 15 days or if they don't grant your request, you can appeal to the Banking and Financial Ombudsman (Arbitro Bancario Finanziario) and submit a complaint to the Bank of Italy.

Reporting what happened to the law enforcement authorities can help fight scams.