Risk awareness and cybersecurity for end users


Banca d'Italia helps protect the customers of banks and financial intermediaries and disseminates economic and financial education addressing cyber risk, so that the public can safely access online banking, financial and insurance services. This page describes:

Objectives

In recent years, more and more people have been accessing banking, financial and insurance services through specific apps on their computers or mobile devices. This allows transactions to be performed more quickly and efficiently, but also requires greater caution on different fronts: from operators, in building high security measures into the design and management of their services; and from the sector authorities, in ensuring that regulations, rules and their monitoring procedures keep in step with technological developments, new threats, and the way the public uses the infrastructure every day. Cyber criminals are able to exploit the digitization process and turn user habits to their advantage, adapting ever more sophisticated social engineering techniques to carry out fraud and cyberattacks. The risks to which users may be exposed include the theft of sensitive data and banking credentials, financial losses, fraud, and becoming involved in a crime (as in the case of money muling).

Banca d'Italia actively campaigns for cyber awareness among the general public, informing them on how to adopt sound practices in their use of digital instruments, and assisting other authorities in the fight against financial cybercrimes. Special care is taken in preventing risks among younger users, in line with EU initiatives for the promotion of financial literacy.

Activities

In collaboration with Ivass, CERTFin, and trade associations, Banca d'Italia promotes awareness campaigns for the general public and firms on the cyber risks to which users of financial services are exposed. The materials produced for these campaigns illustrate the main kinds of online fraud and the good practices users can follow to recognize fraud attempts and use their devices safely.

The materials are available on the Bank's financial education portal, 'Economics for everyone', with guides to the most common fraud strategies and the potential risks involved in using online services.

Infographic: The most common threats to users.

1. Phishing: In phishing, a seemingly legitimate email is sent asking recipients to disclose their personal data. That data can then be used to break into personal accounts or to conduct unauthorized transactions.
2. Pharming: Pharming schemes redirect users to fraudulent websites that simulate a legitimate website and are used to install harmful software or capture banking details, passwords, etc.
3. Smishing: Scammers send text messages through instant messaging services, including those on social media, to obtain the potential victim's personal data for illicit purposes.
4. Vishing: In a vishing campaign, scammers contact their potential victims by phone to persuade them to share their personal data. For instance, they may pretend to be bank staff contacting branch clients, urging them to disclose their account or credit card details.
5. QRishing: Scammers generate QR codes that take potential victims to a fraudulent website, where they are deceived into disclosing their sensitive data, making payments into the fraudsters' accounts or downloading harmful software.

Banca d'Italia promotes financial education initiatives on the prevention of cyber risks targeting younger users, small businesses, the elderly, and other vulnerable groups.

In its mission to ensure the safety of payments and digital financial services, and prevent and combat fraud and cybercrime, Banca d'Italia collaborates with other public authorities, namely the Ministry of Economy and Finance (MEF), the National Cybersecurity Agency (ACN) and the Postal and Communications Police, as well as public-private cooperation bodies such as CERTFin and the Italian Payments Committee (see 'Institutional cooperation and dialogue with the market').

The Bank also combats cyber risk through its supervision of operators, payment infrastructures and systems, and through awareness initiatives targeted at intermediaries.

To know what to do in case of scams or fraud, please go to the page: What to do if you have been scammed or are the victim of fraud.
