Don’t Panic, there is a Solution: Proper Training
The landscape of online financial fraud in Italy has reached concerning proportions in recent years, with a significant escalation in 2024. Data from Interpol reveals an alarming situation: in the second half of 2024, Italian citizens suffered digital fraud amounting to approximately € 110 million, spread across bank transfers, payment cards, and electronic money instruments. According to a survey by Facile.it, over 2.9 million Italians fell victim to online scams in 2024, with total estimated economic damages exceeding 880 million euros.
Particularly significant is the increase in bank fraud reports received by the Bank of Italy: over 730 reports in 2024, showing a 32% increase compared to the previous year. This phenomenon represents a growing threat to confidence in the digital payment system.
The Reversal Scam: the Hidden Threat behind Digital Payments
The reversal scam represents one of the most insidious frauds in the digital payments landscape.
The mechanism is relatively simple. The scammer contacts the victim pretending to be a bank operator or a payment service representative, using social engineering techniques to obtain sensitive information.
It all begins with a text message sent via SMS to the potential victim’s phone. A communication nearly identical to official bank communications informing the recipient of a fictitious authorization request for a bank transfer from their account. Usually, the amount is particularly high to increase the sense of urgency and generate panic.
The message contains a link supposedly to deny the authorization. The SMS is often followed by a call from a fake bank operator who explains the situation, reassures the victim, and asks for information about the operations that were supposedly made on the account.
The fake operator continues to build trust with the victim, making them believe they want to help resolve the situation and inviting them to click on the link in the message, and follow instructions that will instead lead the victim straight into the trap.
The link actually opens the door to installing applications that allow screen sharing (like TeamViewer, remote desktop, etc.) and enable scammers to remotely control the client’s device, access their bank account, and perform malicious operations. This is a particularly effective type of fraud because it exploits users’ trust in the banking system and the authority of its employees.
Additionally, scammers have become increasingly sophisticated in replicating official communications, using logos, graphics, and language that perfectly mimic those of legitimate financial institutions. Recognizing their fraudulent nature can be very difficult.
Payer Manipulation: when the Victim Gives Consent
But there’s another scam that represents a worryingly growing phenomenon.
It’s called payer manipulation, one of the most concerning forms of financial fraud that has emerged in recent years. According to Bank of Italy data, this type of fraud has shown a real surge, going from an average ranging between 32% and 48% in 2022 and 2023 to 65% in the first half of 2024 in terms of fraudulent transaction volume, particularly regarding bank transfers.
Payer manipulation differs from traditional scams because it actively involves the victim in the money transfer process. The customer is induced by the scammer to personally make a payment, exploiting information gathered through social engineering techniques and creating situations of urgency and panic that push the victim to act without adequate reflection.
Moreover, since there is consent from the victim, the security measure of SCA, Strong Customer Authentication, is circumvented. This often prevents the automatic activation of refund mechanisms provided by regulations, making it more difficult to recover stolen funds.
Adding insult to injury. In the case of bank transfers, where this type of fraud is prevalent, 89% of losses are borne by the customer, compared to much lower percentages for cards (40%), electronic money (31%), and ATM withdrawals (51%).
A rather striking example of this type of scam occurred in recent months, when several Italian entrepreneurs received calls that appeared to be from Defense Minister Guido Crosetto: the criminals, posing as the politician, requested large sums of money to resolve a very delicate state matter.
How to Recognize Scams
There are several indicators that can help identify scam attempts:
- Urgency:
Scammers always create emergency situations that require immediate action, not allowing time to think or consult others. This is always a warning sign. The recommendation is to manage anxiety and gather all necessary information before taking irreversible action. - Requests for confidential information:
Banks never request login credentials, PIN codes, passwords, or credit card details by phone, email, or SMS. When this happens, it always smells like fraud. - Unsolicited communications:
Always be suspicious of unexpected contacts regarding financial matters, even if they seem to come from official sources. - Psychological pressure:
Scammers use manipulation techniques to create anxiety, fear, or guilt, pushing the victim to act impulsively. Here too, it’s essential not to be intimidated and to take time, even at the cost of being rude.
Furthermore, before providing any information or making payments:
- Contact your bank directly using official numbers
- Never click on links received via email or SMS
- Verify the authenticity of communications through official channels
- Never provide sensitive information unless you’re certain of the identity of the person you’re talking to
Regulatory Updates
The good news is that measures are finally being adopted to curb these types of scams.
From October 9th, payment service providers will be required to perform real-time verification of the IBAN and beneficiary details for bank transfers (both instant and traditional) and report any discrepancies before the customer authorizes the payment transaction.
This innovation, introduced by Regulation (EU) 2024/886 and known as Verification of Payee (VoP), aims to reduce errors and combat fraud, making digital payments, particularly instant ones, more secure.
An additional tool in the landscape of institutional protections being put in place, which however cannot guarantee us peace of mind.
Criminals will certainly not be intimidated by this latest measure as they will quickly find ways to circumvent it. Their target remains human vulnerability, which they will always be able to exploit, especially when there is a lack of strong digital posture and adequate awareness.
The most effective tool for defense remains a solid understanding and mastery of the web and its most secret hiding places, where criminals, increasingly cunning and sophisticated, love to conceal themselves.
Unfortunately, the battle remains uneven, as security culture is still not widespread enough and proper training remains the privilege of few.
The turning point will come when an increasing number of citizens are adequately trained and thus able to manage – technically, emotionally, and mentally – an increasingly challenging cyber risk.
