
Protect your
financial world!

All about how to protect your finances

  • Research all about internet safety

  • Stay informed

  • Protect your personal information and privacy

Protect your financial world

In this digital age, technology has transformed our lives, connecting us in ways that were not possible before.

Only through education, timely information and the application of strong security measures can we protect our digital life.

 

Together, we have the power to create a safer digital environment, overcome the dangers and take back control of our online experiences.

Phishing

Scenario:
A person receives an e-mail apparently sent by their Bank, which contains a link that allows the user to directly access the Bank's website. Unfortunately, the link does not lead to the official website but to a "cloned page", specially created to be identical to the official website. The purpose of the cloned page is to collect the data that the victim enters, so that it can be used for fraud.

How can you protect yourself?
For example, at UniCredit, all e-mails sent to Clients include the name, surname and branch reference. No link in the e-mail leads to a page with direct access to banking applications via the Internet. Even if you click on links in an e-mail, the system never asks you to enter information such as card numbers, PIN codes or passwords.

Phishing has evolved in recent years to use the other communication channels that clients use, such as SMS, WhatsApp, Messenger, etc. The same type of attack is carried out by sending links that redirect the recipient to cloned pages. Such an attack is called Smishing. Another channel used to carry out phishing attacks is phone calls, which goes by the name of Vishing. Official and institutional organizations do not ask for credit card numbers because they already know them.

Malware

Scenario:
Users who browse hacked websites, install software from unsafe sources or open virus-infected documents received via e-mail unknowingly install malware on their own devices. Malware is a program used to interfere with operations performed by a computer user. It used to be called a computer virus. The malware can intercept the browser you use to navigate the Internet, and when you enter your bank's Internet address, it can open a cloned website that asks you to enter information, including various passwords.

How can you protect yourself?
Use an updated anti-virus program and keep your device's operating system up-to-date; pay attention if your internet connection is too slow; check the "Task manager" to determine if any unknown process is active; pay attention if visible anomalies are detected during navigation on the Bank's page, for example, the usual buttons and words are not present. Another suggestion is to set up a notification in case of bank transfer and payment, in order to immediately check the legitimacy and type of operation. In case of illegitimate operations, it is important to immediately contact the contact center or your own bank in order to solve the problem quickly.
A variation of malware is Ransomware: a virus that locks all data on the hard drive with encryption. A distinctive feature of Ransomware is that it acts to block device functions or make data inaccessible by prompting the user to contact a fake support number to unblock the device or restore data. The victim is obliged to pay a fee for the help received or for the subscription to the support service. After providing "fake" support, the scammer makes the data available again. In some cases, they ask for an actual ransom in cryptocurrencies.


Pay attention to the speed of the Internet connection; check if you can identify unknown processes in the "Task Manager"; do not allow anyone to remotely take control of your device, even if the operator offers you help, unless it is a customer service number that you have found and contacted yourself; use an updated antivirus program and keep your device's operating system up to date.

Theft of credit card information

Scenario:
The person is still in possession of their card, but notices payments made, without their knowledge, on e-commerce websites. There are different ways in which the fraudster can obtain the data: malware, identity theft, or purchases we make ourselves on unsafe websites. Another example is when a fraudster compromises existing websites, changing the software or payment system page and making duplicates of external transactions.

How can you protect yourself?
For online shopping, it is recommended to choose only websites that use the 3D secure protocol; buy only on sites that have already been tested by other users or see reviews; avoid using the card's data storage function; never communicate card data or PIN codes to third parties, especially by e-mail or telephone; monitor credit card activity frequently; keep the personal data shared with the Bank up-to-date: in this way, the Bank will immediately notify you via SMS in the event of a fraud attempt.

Internet abuse is any fraudulent activity carried out using a device connected to the Internet and/or via a mobile phone. Some key fraud schemes use phone, e-mail, websites and online messaging (e.g. WhatsApp, Facebook Messenger, etc.) to conduct fraudulent transactions or trick victims into providing their personal information. In these schemes, fraudsters ask for Bank login details, payment card details or personal information in order to impersonate the victim.

 

The abuse attempt can be divided into 4 stages, in which fraudsters:

  • Send messages or speak on behalf of a bank or a well-known Company;
  • Use tricks such as claiming that a credit card linked to a bank account has been blocked or referring to alleged winnings, while showing that they are familiar with certain bank details of the victim;
  • After gaining the victim's trust, lead them to believe that they rightfully know the information they are revealing;
  • Ask or invite the victim to enter, on a computer or mobile phone, various access codes such as passwords or PIN codes and information related to credit cards, debit cards or prepaid cards owned by the victim.

 

Types of abuse are identified according to the means used for their execution.

BEC scam

Scenario:
A person, an employee authorized to carry out transfers on behalf of the Company, receives an e-mail that appears to be sent by a supplier with whom the Company normally does business. The self-proclaimed supplier asks that future invoices be paid to a different account. The attack uses social engineering techniques: criminals who have gained access to compromised mailboxes obtain information about the company, employees and suppliers in order to make the e-mail as convincing as possible, with the aim of redirecting transactions to their advantage. BEC scams are attacks mainly targeting C-levels or secretaries who make transfers on behalf of the Company.

How can you protect yourself?
Verify the authenticity of the request through a channel other than e-mail, for example by phoning or contacting the supplier, always before payment, using known references or those contained in previous communications. It is also important to make sure that your co-workers or colleagues know about this type of fraud and how to avoid it.

Cloned checks sent via WhatsApp or e-mail

Scenario:
There are many cases in which targeted persons come into contact, through commercial websites, with a self-proclaimed seller, with whom they reach an agreement by telephone. After they have agreed on the price, the seller asks to be paid by check and to be sent, by e-mail or WhatsApp, an image of the completed check as proof of willingness to complete the purchase. At this point, the fraudster accurately forges the check and tries to cash it, showing the fake documents at the bank counter.

How can you protect yourself?
It is always improper to send pictures of bank or cashier's checks, but if absolutely necessary, it is recommended to photocopy the check, blur the serial number and QR code, and only then send the modified picture. This way, the seller will have proof of your intent to purchase the item, but will not be able to clone the check.

Fraud related to products sold online

Scenario:
A person sells a product via the Internet, and an interested buyer contacts them and says they are ready to buy immediately and pay in cash, but only after a top-up at the ATM. The seller is then invited to go to an ATM and follow a series of instructions using a code that would supposedly allow them to receive cash directly from the ATM. When the fraudster passes the data to the targeted person, that person unwittingly goes on to top up the fraudster's card.

How can you protect yourself?
It is important to be aware that ATMs do not issue money on behalf of others. It is important to be careful who invites you to go to the ATM to make a payment or collect a payment.

A love scam

Among the various types of digital scams there are so-called "love" scams that can take place on dating apps or social networks. In this case, the fraudster pretends to be someone else by creating an attractive fake profile. After gaining the trust of the targeted person, the fraudster makes up a complicated story, such as a medical emergency, in order to get money or payment card information from the person. If the person agrees, the fraudster can use them again; if the person refuses, the fraudster can blackmail them.

How can you protect yourself?
Pay attention to the personal information you share on social networks, check your contact's photos and see if they are already used on other profiles or pulled from Google Images; look out for grammatical errors, story inconsistencies and "excuses", such as a webcam that never works; do not share compromising personal material as it could be used for blackmail. Finally, avoid transferring funds via money order, wire transfer, international funds transfer, prepaid cards or cryptocurrency. These payment methods make refunds difficult.

Online trade

Another type of digital fraud may involve online trading, which is the buying and selling of financial instruments through an internet-connected platform. In the vast majority of cases, the fraud results from the actions of unauthorized entities, which lack the necessary requirements. Carrying out investment activities for the public is reserved exclusively for entities authorized by local authorities and ministries. Yet there is the so-called "boiler room" scheme, which takes place with "cold-calling of victims by bogus stockbrokers who convince them to buy worthless or non-existent stocks or bonds". The goal is to mislead unsuspecting investors who are often lured by promises of high returns with little or no risk.


How can you protect yourself?
Where applicable, check that the person offering internet trading is authorized by the local authorities and commissions that have supervisory powers in the local jurisdiction; do not rely on the website as proof that the business is legitimate; be wary of people who pressure you while boasting of unique investment opportunities; make sure that you are not asked to pay a fee in advance as a guarantee of the investment; take your time to make an informed investment decision. Always remember that high returns can only be achieved with high risk.

Malicious application attacks

Scenario:
Fraudulent apps ask users to enter their card details or online banking access codes or transaction passwords.

How can you protect yourself?
Only download apps from official stores and read reviews from other users. Moreover, when installing applications, pay attention to the necessary permissions and authorizations.

Identity Theft

Scenario:
Identity theft occurs when an identity card or passport is stolen, or when a false identity is created in order to commit fraud, using a person's personal information obtained through phishing or social networks. Examples of personal data are: identity card; passport; driver's license; e-mail account; salary or bank statements. An identity thief can use this information to apply for credit, pay taxes, or obtain medical services. The targeted person may not immediately notice that they are a victim of identity theft.

How can you protect yourself?
Communicate your JMBG or ID number only if necessary; do not share personal information just because someone asks for it; check your e-mail daily; pay attention to billing cycles; if bills or bank statements are late, contact the sender; check your payment card and bank account statements; compare receipts with bank statements and unauthorized transactions; delete accounts, credit offers, expired bank statements and payment cards; install a firewall to detect viruses on devices; create complex passwords and differentiate between credit and debit card passwords; review your credit reports once a year and make sure they don't include accounts that aren't open; freeze your credit with the Reference Credit Company, as this prevents someone from applying and getting approved for a credit or utility bill in your name; and, above all, report the theft immediately. In addition, it is important to immediately report the theft of an identity document.
UniCredit guarantees constant monitoring in order to identify new risk scenarios, adopts solutions to prevent cyber-attacks and/or fraudulent transactions; updates fraud detection and management systems. Furthermore, in case of suspicious transactions worthy of investigation, UniCredit contacts its clients to confirm the operation or, if not, acts independently by proceeding with the cancellation.

RECOMMENDED PRECAUTIONS
  • Use an updated anti-virus program;
  • Keep your PIN away from your credit and debit cards;
  • Change your password frequently on the Bank's website and do not use names or dates that can easily be traced back to you;
  • Avoid automatically saving passwords in your browser;
  • Transfer the appropriate amount of money for a specific purchase to prepaid cards;
  • Read feedback from other online customers;
  • In case of card cloning, please contact customer service through official channels;
  • In case of fraud, always file a lawsuit
HOW TO ASSESS WHETHER AN E-COMMERCE WEBSITE IS SECURE?
An e-commerce website should have the following features:
  • Visibility of business data and contact information must be easily accessible;
  • Good online reputation: it is always better to check the identity, good reputation of the seller, perhaps by consulting online forums;
  • Control of the general conditions of sale: define the rights and obligations of the buyer and the seller;
  • Payment information: it is important that the page has two-factor authentication of the buyer activated at the time of payment;
  • Easy availability of delivery information: usually a maximum of 30 days for delivery and responsibility for the delivered goods rests with the seller until delivery;
  • Procedure for the right of withdrawal: it must be possible to return the goods, the merchant must submit a form (paper or electronic) with all data (where, when and what costs);
  • Warranty after sale: the consumer has the right to use the product warranty, with a clear indication of the form and method of reporting the defect;
  • How to handle a complaint: the operator must clearly indicate the channels, time and procedure for submitting a complaint in the general conditions;
  • How to resolve legal disputes: more precisely, an indication of the jurisdiction of the consumer court. If the indication of the seller is unclear or absent, you should be very careful when buying from that website so that you do not have to resolve disputes in courts far from your home;
  • Privacy policy, cookie policy and proper consent: conditions of processing and withdrawal of user and user data authorization must be published and visible on the home page of the website.
HOW TO RECOGNIZE A "CLONED" WEBSITE?

A cloned website looks like an authentic website, except for the way the Internet address, URL, is written. That is why it is always important to check the address of the website and make sure that it is official and correct (it usually contains the name, initials of the Bank or the issuer of the payment instrument). Further checks may refer to the presence of tax and contact data of the Bank (VAT number, telephone number, headquarters).
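
The address check described above can also be done programmatically, for example in a mail filter or help-desk tool. The following is an added example, not part of the original page and not UniCredit's code: `bank.example` is a constructed placeholder for the bank's real domain, and `classifyLink` and `editDistance` are hypothetical names.

```javascript
// Added example. "bank.example" is a constructed placeholder for the
// bank's real domain; all function names here are hypothetical.
const OFFICIAL_DOMAINS = ["bank.example"];

// Levenshtein edit distance, used to spot near-miss spellings.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

function classifyLink(href, official = OFFICIAL_DOMAINS) {
  let url;
  try {
    url = new URL(href); // same parsing rules a browser applies
  } catch {
    return { verdict: "invalid", reasons: ["not an absolute URL"] };
  }
  const host = url.hostname.replace(/\.$/, ""); // drop a trailing root dot
  const reasons = [];
  // Everything before "@" is login data, not the site being visited.
  if (url.username || url.password) reasons.push("text before '@' is not the host");

  // Official only if the host IS the domain or ends with "." + domain.
  const onOfficial = official.some((d) => host === d || host.endsWith("." + d));
  if (onOfficial) {
    if (url.protocol !== "https:") reasons.push("not https");
    return { verdict: reasons.length ? "insecure" : "official", reasons };
  }

  const labels = host.split(".");
  // Non-ASCII hostnames are converted to "xn--" labels by the URL parser.
  if (labels.some((l) => l.startsWith("xn--"))) reasons.push("punycode label");
  for (const d of official) {
    const tail = labels.slice(-d.split(".").length).join(".");
    const dist = editDistance(tail, d);
    if (host.includes(d)) reasons.push(`"${d}" embedded in another domain`);
    else if (dist <= 2) reasons.push(`"${tail}" is ${dist} edit(s) from "${d}"`);
  }
  return { verdict: reasons.length ? "lookalike" : "unrelated", reasons };
}

// Constructed sample links, as they might appear in a message.
const SAMPLES = [
  "https://www.bank.example/login",
  "http://www.bank.example/login",
  "https://bank.example.secure-login.test/",
  "https://bank.example@203.0.113.7/login",
  "https://bamk.example/",
  "https://b\u0430nk.example/", // Cyrillic "a" in place of Latin "a"
  "https://shop.test/",
];
for (const s of SAMPLES) console.log(classifyLink(s).verdict.padEnd(10), s);
```

Only the first sample is classified as official; the point of the comparison is that the official name appearing somewhere in the address is not enough, it has to be the end of the host name.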

HOW TO REPORT ABUSE?

In case of abuse, you must immediately block your credit or debit card by contacting the Bank or within the mBanking application, if that option is available. It is also recommended to file a complaint with law enforcement authorities. In order to request a refund for a transaction that was unauthorized or the result of fraudulent activity, the targeted person must send a copy of the complaint to the Bank, as required by the local court and local regulations.

  • Check your payments, review your online account in a branch, through the mBanking application or through an ATM;
  • Activate notifications, for example via sms or push notifications, for account transactions and payment card payments;
  • For online transactions on your bank account, always type your bank's website address into the browser and do not use "favorite" links;
  • Do not click on links to the Bank's website sent by e-mail or SMS, as they may direct you to fake pages;
  • Do not send passwords, credit/debit/prepaid card information and personal or sensitive information by e-mail or telephone;
  • Ask your bank about new authentication and security standards for payment authorization;
  • Use only official applications and, in case of theft or loss of the smartphone, immediately block the mobile banking service;
  • Turn off Wi-Fi, bluetooth and location tracking when not needed;
  • Before buying online, always check the reliability of the seller;
  • Remember that the merchant is prohibited from charging for the use of electronic payment instruments.