Phishing is a type of fraud which uses contact by telephone or other deceptive forms of communication to trick customers into revealing sensitive data such as credentials for accessing home banking services, user codes or payment card data.
With this objective, fraudsters use text, email or WhatsApp messages imitating the design and content of a bank’s official communications and channels.
Such attempts at fraud often refer to urgent situations to trick the user into disclosing their personal data immediately, which is then used unlawfully by the criminals.
How to protect your identity
- Do not include telephone numbers, addresses or other personal information in your password. Someone could obtain this information and use it to gain access to your account;
- Do not use the automatic saving option on your browser to save your password: this is risky behaviour in terms of data protection;
- In choosing a password, try to think of a combination of words that is easy to remember which also includes numbers and special characters;
- Do not use the same password for different accounts or services. If you struggle to remember all your passwords, an online password manager can be useful, or alternatively you could create a personal algorithm to remember all of them.
- It is a good idea to save useful data only and to remove all data you do not use from your devices;
- It is important to back up your data, preferably on an external hard disk, or alternatively store it using one of the cloud computing services available. This enables you to retrieve the information at any time.
how to protect Information ONLINE
- Use a different email address in each situation (e.g. one for current accounts, one for business accounts, one for newsletters, etc.);
- Change the password for the email account that you use to share information with the bank on a frequent basis;
- Be sure to log out from your account whenever you use a different device;
- Be careful with pages which appear to be very popular or which have high traffic volumes: it is easy for hackers to build fake websites for clickbait and to persuade users to download harmful files;
- Be wary of any email or WhatsApp message asking you to provide personal and sensitive data and/or your credentials: institutional organizations usually do not make this kind of requests;
- Be wary of any offers received or read online. It is usually safer to use trusted e-commerce sites than to choose one at random.
- Avoid any kind of banking operation and do not send other sensitive information using a public Wi-Fi network. If you are connected to a public Wi-Fi network, it is better to do not perform activities that require you to enter a password;
- Make sure you are using a secure website – you can tell that a website is secure because the address bar begins with “https” - before completing a financial transaction.
How to protect payment instruments
- Enable the text message or email alert service to receive an alert every time your credit card is used, to allow you to recognize any suspicious behaviour immediately;
- If you log into your bank accounts online, it is a good idea to check your account statements and card movements at least once a week, to ensure no suspicious transactions have taken place. It’s a good idea to keep an eye on small transactions in particular, as these are the ones that tend to go unnoticed and often constitute instances of fraud.
Watch out for possible fraud
- Make sure you store the credit card data received from the bank securely, to prevent theft of personal information;
When it is necessary to share your credit card number, it is useful to always check who is making the request, and if you have any doubts, simply do not share the information;
Do not save photos of cheques (including blank cheques) or sensitive data involving your credit card on your smartphone or send them to others; with this information it is very easy to clone payment instruments.
how to protect devices and network
Update your operating system regularly, to protect your device from the most recent threats and remove any bugs from your smartphone, to make it easier to protect;
Protect your own computer and/or smartphone by installing a good antivirus/antimalware programme, and run regular spyware checks. It is also a good idea to install a personal firewall, to protect your mobile devices from direct attacks;
Always turn your computer off when you’re not using it, rather than leaving it on standby – and connected to the internet – which leaves it exposed to possible unauthorized attacks for longer than need be;
Before destroying an old device, make sure that any information still stored on it is illegible; the contents can be erased by a magnetic procedure or using software specifically devised for this purpose. If the device is a smartphone, carry out a factory reset (i.e. the device is reset to its initial conditions);
Delete any emails from unknown sources, avoid downloading files from dubious-looking websites, and be careful of any pop-ups or random announcements that could open the door to viruses and other programmes that could damage your devices;
Be wary of people sitting near you in public places or on means of transport; some might try to read private information from your screen.
Only install apps from the official stores: some apps can share personal information, including your GPS position;
- Check and configure the privacy settings on the apps you use; always select the option which allows the minimum quantity of data possible to be shared;
- Disable automatic data uploads to the cloud: always choose what information you want to be uploaded on remote servers;
- Set the content filters so that any children using your device do not inadvertently download content that is inappropriate or harmful.
how to protect information on SOCIAL NETWORKs
Do not share personal information on social networks: many hackers are able to work their way back to passwords by using combinations of personal data such as the names of children, addresses and other details;
- Always choose the maximum level of privacy to guarantee that your personal data do not end up in the hands of criminals, it is helpful to remember that privacy settings are being updated the whole time, so it is a good idea to check the settings regularly;
- Do not accept friendship requests from people you don’t know; it’s a good idea to use your personal profile for friendships with people who are actually friends. If suspicious users start to adopt invasive behaviours, social networks can ban them if they continue not to respect other people’s privacy;
- Be suspicious of "friends" who say they are in danger or who ask for financial help. If you are worried about them, the best thing to do is to contact them directly yourself and make sure that it is not some form of attempted fraud;
- It is always a good idea to activate two-factor authentication for any social networks you use for access to your accounts. This will mean using both your regular password and a one-time password consisting solely of numbers sent directly to your phone by text message each time an attempt to access your account is made from a different device.
how to protect data following a breach
If your email account provider (Gmail, Hotmail etc,) has suffered a data breach, change your password immediately;
- If the company that issues your payment card has suffered a data breach, cancel the card and ask for a new one;
- If you receive a link via email asking you to update your personal information following a breach, go to the company’s website before entering your log-in credentials (i.e. by typing the website’s URL in the address bar) and check in this way that a breach has actually taken place.
How to use and protect digital signatures correctly
Use a secure password to access your email; it is useful to change your password regularly in order to enhance the protection level;
- If you are asked to sign for a money transfer you don’t recognize, let your banker known promptly and change the password for your email address;
- Mediobanca never asks for OTPs, for any reason whatsoever;
- Mediobanca never sends texts or instant messages inviting you to go to specific websites;
- The only communications regarding the use of digital signatures you will receive from us will come from MEDIOBANCA via eSignAnyWhere [mailto:email@example.com], and will be from your own banker or assistant banker.
Last revision: 05 May 2021