Since the outbreak of the pandemic, the increasing use of online channels has led to an increase in financial fraud. The 2021 reports of the Financial Banking Arbitrator and complaints received by the Bank of Italy, published recently, attest to an increase in online fraud. In the same period, the Postal Police discovered more than 18,000 cases of theft of credentials for accessing home banking systems, credit card numbers, and private cryptocurrency wallet keys. 27% growth compared to 2020.
Protector from the Postal Police against fraud
An important control measure in connection with Internet fraud is represented by the Postal Police, which also exercises a preventive function in connection with attacks on financial institutions. Ricardo Croce, Director of the Financial Cybercrime Department of the Postal Police, explains: “In addition to the prevention function, we have an anti-fraud function. The fraud focuses on the vulnerable part of the chain, the human factor, that drives money out of victims’ checking accounts. Information technology by implementation, but human weakness is exploited. Financial institutions have very effective cyber defenses. It is becoming increasingly difficult to manage the human element, i.e. the consumer, and the downstream user.”
“Improve” online fraud
In fact, after the time of the non-grammatical emails that immediately put the potential fraud recipient in the notice (Italian is not Italian, a character from Sciascia said, Italian is the logic), they are now real and their social engineering studies, which start from the knowledge of potential victims, Who can be whole classes of consumers and well known individuals. For the latter, the strategy is to get them to take actions that allow the fraud to be carried out.
Cross mentions spam campaigns, which are presented as coming from trusted interlocutors, such as public administrations and energy service providers. This leads to the opening of sites that reproduce, for example, a bank site. Or they lead you to open files that already contain malware.
Fraud via messaging system
If not via email, the message can be transmitted on a messaging system such as SMS or WhatsApp (SMS). “The citizen is reached with a message – explains Croce – on his mobile phone, which appears to have been issued by the bank. The recipient is made to believe that a possible fraud has been detected and leads to further action. The victim is urged to believe in the message, which also queues up to that of the bank, and contacts or contacts customer service. Which is clearly a fraud and addresses the victim in a professional voice. By opening the page, a series of information is captured, such as access codes from home banking. This is where voice trolling (voice trolling) comes into play. So at the end there is a phone call. Shown here is a phone number equal to the bank customer service number and a professional voice with trusted contents that also prompts the victim to read the temporary machine code, to allow operations to be carried out. At this point, the outgoing payment occurs, fraudulently ».