Hackers are trying to get into users' bank accounts through an email phishing campaign: here's how to recognize the scam and not fall into the trap
Hackers are targeting users with an account at Banca Nazionale del Lavoro. The technique is the classic one used in email phishing campaigns and the aim is to get the access credentials of online current accounts in order to steal users' money.
The BNL has released several information on its website about these online scams targeting its customers. First of all, the bank informs its customers by email messages, but only by direct contact, at the counter, between BNL operators and the account holders. The hackers were very good at recreating perfectly the e-mail messages as if they had been sent by Banca Nazionale del Lavoro. The hackers contacted the users advising them of the need to perform an action on their current account due to the prolonged inactivity, updates and improvements to the service offered. If users click on the link in the text of the email and enter their bank account credentials, it's child's play for the hackers to transfer all the money in the account.
How to defend yourself against online BNL account scams
The first thing to remember when talking about bank accounts is that banks do not contact us via email. They can send us a message within the home banking service, call us or inform us in person when we are at the counter, but operations such as updating personal data or unlocking an online account should never be done by clicking on an email link. If in doubt, always contact your bank first. In addition, we pay attention to the spelling of these messages. In many cases they are really well written and can be misleading, but in other cases they are generated with an automatic translator and have obvious grammar or syntax errors.
Beware also of WhatsApp and SMS
Lately hackers have noticed that users are starting to recognize phishing attempts via email and to trick users and make them fall into the trap they are starting, or rather resuming, to use SMS scams. Despite being quite out of fashion, the SMS is seen as something more personal because it is sent to our phone number. The text will contain a link on which to click to be redirected to a fake site of our bank where to enter their credentials to access the current account online. Once the data has been entered, we will not enter our bank's portal but will see an error message. In the meantime the cyber criminals will have recorded our data and emptied our accounts. Be careful because the same system is also very popular on WhatsApp. Understanding that this is a scam is not complicated. Think about it, if BNL or any bank doesn't contact you via email to carry out important operations, why should they do it in an even more informal way with a little message on WhatsApp?