Security: protect yourself from online fraud

Just like in the real world, we are sometimes at risk of being scammed in the digital world too. The Intesa Sanpaolo Group offers advanced levels of security for users of its online systems and electronic payment systems. However, it is crucial that you also know how to protect yourself from those pretending to be your insurance partner.

We sometimes receive communications from non-legitimate sources such as people who might ask us to provide confidential and sensitive information such as security codes and personal passwords, or invite us to click on scam links under different pretexts, from accepting a commercial offer to changing our profile information.

Here are some examples:

Phishing:attempted email fraud and/or scam

Phishing refers to fraudulent emails that trick recipients into sharing their personal, financial or security information. These emails, which may seem authentic as they often replicate the logos, styles and language of emails from the real insurance partner, often require you to download an attached document or click on a link that then takes you to a scam site.

What you can do:

• make sure that your own software is up to date, including your browser, antivirus and operating system;
• pay particular attention if a supposed ‘banking’ email asks you for sensitive information (for example, your online bank account password);
• read the email carefully: compare the sender’s address with other emails received from your insurance partner and check the grammar and spelling;
• do not reply to suspicious emails; simply forward these to the insurance partner by typing in the address yourself;
• do not click on any links or download attachments;
• if in doubt, double-check your insurance partner's website or call customer service;
• pay attention to the tone of the email: when a scam is being attempted, the customer must act with urgency.

Vishing: attempted fraud and/or scam via telephone

‘Vishing’ (from the combination of the words Voice and Phishing) is a scam where fraudsters use a telephone call try to trick the victim into disclosing personal, financial or security information or transferring money to them.

What you can do:

• watch out for unwanted phone calls, or calls you are not expecting;
• If you are in any doubt, write down the caller’s number and let them know that you will call them back. In the meantime, look for the phone number of the organisation and contact them proactively: dial the telephone number to call directly;
• do not place your trust in the scammer by using the phone number they provided you (this could be a fake number;
• scammers can find your basic information online (e.g. through social media): Do not assume that the caller is legitimate just because they possess this data.
• never share your credit or debit card PIN or your online banking password. Your bank will never ask you for this data;
• do not transfer money to another bank account at someone's request. Your bank will never ask you to do this;
• If you think you have been the victim of an attempted phone scam, notify your bank immediately!

Smishing: attempted fraud and/or scam via SMS

‘Smishing’ (from the combination of the words SMS and Phishing) is the attempt by fraudsters to acquire personal, financial or security information via an SMS that appears to have been sent by your insurance partner. The SMS will typically ask you to click on a link or call a phone number to ‘verify’, ‘update’ or ‘reactivate’ your account. However, the link will in fact lead to a fraudulent website and the phone number will lead to a scammer pretending to be an employee of your insurance partner.

“Be careful when using a mobile device! It may be harder to spot a phishing attempt from your phone or tablet”

What you can do:

• do not click on any links, attachments or images you receive via unexpected or unwanted SMS messages, without first verifying the identity of the sender;
• check the source of the message (sender or phone number) before replying. It is possible that a fraudulent SMS may appear to fit in with the authentic history of SMS messages from your bank;
• if you receive an SMS requesting urgent action to be taken, call your bank's customer service team immediately to verify the legitimacy of the request;
• never respond to an SMS requesting your PIN or password to your online account or any other security credentials. Your bank will never ask you for this data.

How can you protect yourself?

The Intesa Sanpaolo Group will never ask you to communicate device and/or access passwords (user code, password, OTP) by phone, SMS or e-mail.

Check every detail of all communications sent to you, safeguard the confidentiality of your personal data and be wary of any telephone contact requesting such information. When preventing fraud, the details make all the difference.

For further information on security issues, please see the dedicated section of the site Intesa Sanpaolo.