What is it? A technique which uses the study of individual behaviour and personification to gain victims’ trust by inviting them to send their own personal data (e.g. access codes) or inducing them to perform financial transactions.
How can I recognize it?
Suspicious senders: sender unknown or which sends requests for personal or banking data or access codes.
Urgency: these messages are always urgent, requiring the recipient to take action immediately on administrative or legal matters in view of an imminent deadline.
Suspicious procedures: the recipient is invited to following non-standard procedures (e.g. to update their password) or to provide credentials and data to resolve situations in which an account or card has been locked.
What should I do?
Check the real identity of the person who is trying to contact you, and if you are suspicious, do not respond to their requests, but contact the sender (e.g. the Bank) using the official channels
Do not share credentials (passwords, PIN numbers and OTP) or payment card data; the Bank will never ask you for this kind of information.
If sensitive data has been stolen, the competent authorities must be informed as well as the company, entity or bank involved, for the appropriate action to be taken swiftly.