Historic victory for Codes: phishing victims are subject to targeted attacks

Historic victory for Codes: phishing victims are subject to targeted attacks
Historic victory for Codes: phishing victims are subject to targeted attacks

Ing Banak, condemned to pay compensation, must now take note that customers must be guaranteed with greater measures


Fundamental ruling obtained by the Codici association in the protection of consumers who are victims of banking scams. Yesterday the Court of Genoa published a provision, signed by Judge Chiara Russo, which concerns the fraud suffered by a customer of Ing Bank, protagonist of a case of SMS spoofing. This is a technique that involves sending a trap SMS, making it appear to have been sent by a certified sender, such as your bank. In this way the message appears on the victim’s smartphone in the chat of that sender, with whom there already exists a more or less relevant messaging exchange, immediately causing the recipient to fall into error. The Court of Genoa ordered the reimbursement of the customer, who managed to recover around 12 thousand euros, adding a very important new element in banking scams, namely establishing that the victims of this type of fraud are the subject of targeted attacks. A sentence that the Codici association highlights to warn consumers and draw the attention of Bank of Italy.

“The story dates back to June 2021 – explains the lawyer Carmine Laurenzano, Codici’s lawyer –, when our client received an SMS, coming from a number referable to the same institution, in which he was informed of attempts to access the account. This notice is accompanied by an invitation to connect to the bank’s App, confirming your data via a link. The SMS was at the end of all those received previously, which is why the customer trusted the communication and clicked on the link, entering his details to foil the scam. After a few minutes the call arrives from a so-called Ing Direct operator, confirming the fraudulent access from an unknown device. After a new SMS, on the same message thread from which it receives communications from the bank, which confirms the blocking of unwanted operations, a new call from the so-called ING operator, again from the same telephone user, communicates the successful outcome of the blocking of unwanted operations . Apparently everything is resolved, but in reality it is the last act of the scam, which materializes within a few hours in a transfer of 14,900 euros to a current account in the name of an unknown person. Hence the denial of the operation, which triggered a series of actions that made it possible to recover almost the entire stolen sum. It should be underlined that the operation that triggered the scam was not authorized either by sending PIN codes or tokens. Our client did not issue any so-called ‘strong’ authentication code. The alleged operations to block fraudulent access, however, were carried out on the official Ing Bank App, following SMS received on the thread referable to the institution’s official number. For its part, the bank did not notify or block the suspicious movements. As noted by the judge of the Court of Genoa, finally opening a new scenario in consumer protection, the institute has not adopted all the best technical measures to avoid the risk of fraudulent use of payment instruments and fraudulent or grossly negligent behavior of the ‘user, such as to exclude his liability”. The central issue of the issue, which clearly emerges from the sentence of the Court of Genoa, is the ways in which the scams occur. The victim was not the subject of a massive communication, but of a targeted attack, in this case done with specific and precise SMS and calls. The scammer now knows perfectly well who to contact. This means that, as noted by the Judge, the criminals manage to take possession of personal data and contacts not through the customer-victim, but by exploiting the gaps in the banks’ security systems. And this is where the Codici association believes we need to intervene. Bank of Italy must take note that customers must be guaranteed with greater measures and institutions must improve their defense tools. Information campaigns are certainly valuable, but unfortunately they alone are not enough to protect customers from scams, which are increasingly difficult to recognize and, as this story demonstrates, above all targeted, aimed at hitting specific targets.

The Codici association provides assistance to consumers who are victims of banking scams. You can report your case and request help by calling 065571996 or writing to [email protected].

 
For Latest Updates Follow us on Google News
 

PREV on June 18th protest against the wild boar and wildlife emergency
NEXT Bomb at the ATM and three-pointed nails in the street to protect the escape, theft during the night in Bitonto – PugliaSera