When 'phishing' is not a sport: Giuliana's story

  • sei qui: Home
  • News
  • When 'phishing' is not a sport: Giuliana's story

Giuliana loves travelling. Ever since she found out about low-cost companies, she's been taking long trips with her girlfriends; she is so happy to be able to visit places that she never thought she would get to see! Every time she plans a trip, however, the most difficult task is… packing her bags? Of course not! She loves choosing what to take, and she always leaves a bit of room in her suitcase for souvenirs.

The most difficult task is buying the tickets: she just can't keep up with all the airline websites, so her daughter Cristina, who's also her personal IT advisor, gives her a hand.

A few days after returning from her latest trip, Giuliana receives a text: 'Blue Bank, we have received a request to authorize a €120 internet transaction for the card ending in *876'. How strange... Giuliana hasn't made any online purchases, and she is yet to start planning her next trip! While she's thinking about this, she gets a second text, very similar to the first. No sooner does she start wondering what's happening than she gets a third text: another €140! Cristina, honey, sorry to call you this late, but something weird is happening…  

When she hears what her mum tells her, Cristina tells her off for not contacting her bank immediately. Giuliana is even more confused! What do you mean? I did speak to my bank, she explains, shortly before receiving these texts! She then explains: she had received a text from her bank informing her that her account had been blocked and that to unblock it she would have to confirm her identity by clicking on a link in the text and entering her confidential data on the Blue Bank website.

Now it's all clear to Cristina. It's a scam! There are online fraudsters who impersonate people you trust, such as an institution, a provider or your bank! At this point, Giuliana calls the emergency number to have the card blocked, and the following day she calls Blue Bank to tell them what happened and ask how to prevent it from happening again.

She finds out that she's been the victim of a 'phishing' scam. What do you mean, 'phishing'? As in... going fishing? Giuliana asks. That's sort of what it is. The webpage where Giuliana entered her confidential data was not the login page of the Blue Bank website, but rather an identical - or very similar -  webpage, purposely created by online scammers who exploit the reputation and trustworthiness of a bank, in this case, to trick unfortunate users and get their confidential data (username, password and secret codes). The text sent by the supposed Blue Bank employee, asking Giuliana for her confidential data wasn't to verify her identity in order to unblock her account, but to authorize illicit online purchases.

How could I have been so naive? Giuliana wonders, amazed. The bank employee explains that online scams are becoming more and more frequent and that it's important to be careful and learn how to protect yourself. Even though we're not IT experts, we can notice the traps that are set for us as we browse online. How? First of all, fake webpages, created to look like the authentic, trustworthy website pages, are never quite identical: they usually have typos and the wording is not consistent with that normally used by our bank; in short, there are differences that are noticeable/obvious if you read them carefully. But most importantly, no operator, whether employed by a bank, a service provider, an entity or a business, will ask you to give them confidential data, either over the phone or via email or text. In any case, when in doubt, it is always best to use our official contacts and double-check everything.

One thing is clear: Giuliana has learnt her lesson and will probably not fall victim to a phishing scam again.