Cybersecurity
Scams and fraud: how to defend yourself and recognize them

Cybersecurity is becoming an increasingly sensitive issue in modern society due to the growing computerization of services and the consequent increase in the number of attacks. The phenomenon of digital scams and fraud is becoming more widespread and the techniques used are constantly evolving. In this section, you will find some practical advice on how to protect your online security when using digital banking services (including payment cards).

1) Some digital fraud techniques

Phishing/smishing: emails/text messages requesting passwords and bank details or containing links to carry out such operations. Fraudsters use these links to redirect users to a fake website created specifically to steal the victim’s personal information and codes.

Phishing (E-mail)
Phishing is a scam that involves fraudulent emails that appear to come from the Bank or other trusted institutions. Criminals send emails requesting passwords and bank details or including malicious links to carry out such operations. These links redirect the user to a fake website, created specifically to steal the victim’s personal information and codes. The emails often perfectly mimic the Bank’s graphics and logo, include official headers, and use alarming language such as “Unauthorized access detected” or “Immediate verification required” to trick the person into clicking without thinking. They may also contain infected attachments that, once opened, install malicious software on the computer.

Smishing (SMS or WhatsApp)
Smishing is a scam that involves fraudulent messages. Criminals send text messages that appear to come from banks or other trusted institutions, requesting passwords and bank details or including malicious links. These links redirect the user to a fake website, created specifically to steal the victim’s personal information and codes. The messages often create a false sense of urgency, such as “Your account has been suspended” or “Confirm this transaction immediately,” to prompt the person to act impulsively without verifying the authenticity of the communication.

Vishing (Call)
Vishing is a telephone scam in which criminals pose as bank employees or representatives of other trusted institutions. The scammers call their victims directly, trying to obtain sensitive data and security codes or convincing them to carry out fraudulent banking transactions. They often use psychological manipulation techniques, creating emergency scenarios such as reports of unauthorized access to accounts or suspicious transactions in progress. They can also spoof the caller ID to make the call appear to be coming from the bank, making the scam even more credible.

Quishing (QR Code)
Quishing is a recent form of phishing that exploits QR codes. Fraudsters send emails, letters, or messages containing malicious QR codes that, once scanned with a smartphone, lead to fraudulent websites or download malware onto the victim’s device. The codes may appear in communications that look legitimate, such as fake invoices, payment notices, or bank promotions, making it difficult to distinguish between authentic and fraudulent ones.

Spoofing
This involves falsifying the sender’s identity in communications such as text messages, emails, or phone calls. The aim is to trick the customer into believing that they are interacting with their bank or a trusted entity, prompting them to provide sensitive data (such as login credentials or OTP codes) or to carry out unauthorized transactions. These attacks exploit social engineering tools and can take the form of fake text messages or emails that appear to come from the bank, or phone calls from numbers that appear to be linked to the bank.

Digital identity theft
When a malicious individual obtains and illegally uses an individual’s personal data (such as name, social security number, login credentials, credit card numbers) to impersonate them online. This practice allows criminals to access bank accounts or payment cards, apply for loans or financing, make purchases or other transactions on behalf of the victim, and commit fraud or cybercrimes. The theft often occurs through data breaches, phishing (fake emails or text messages), malware installed on devices, or social engineering techniques.

How can you recognize an attempt at digital fraud?

  • Messages that create urgency or fear (“Within 24 hours,” “Immediate,” “Urgent”)
  • Grammar or spelling errors in the text
  • Strange email addresses (e.g., Banca-sicurezza@gmail.com instead of the official domain)
  • Suspicious and unknown links
  • Requests for sensitive data via email or text message
  • Unexpected attachments

How can you protect yourself from digital fraud?

The most effective protection is caution. Here are the basic rules to follow:
  • Never click on links contained in suspicious emails or text messages.
  • Do not download attachments from unknown or suspicious senders.
  • Do not respond to messages asking for personal information.
  • Do not call phone numbers provided in suspicious communications.
  • Always verify by contacting the Bank directly through official channels.
  • Check that the web address begins with “https://” and that the padlock symbol is present.
  • Use the Bank’s official app instead of following links received via email or text message.
It is essential to remember that the Bank will never ask for passwords, OTP codes, or card details via email or telephone, nor will it ask you to click on links urgently.

2) Some scam techniques

False investments in cryptocurrencies: this is a fraudulent practice that exploits the popularity of cryptocurrencies and online trading to induce savers to deposit money on platforms that appear legitimate but are actually run by fraudsters. The mechanism is often initiated through online advertisements or direct contacts, with the promise of high returns and no risk. After an initial small deposit, the victim is encouraged to invest further to “increase returns” or “unlock profits”. In reality, the funds are stolen and, when attempts are made to recover them, the platform becomes inaccessible or the alleged advisor disappears.

Warning signs:

  • Promises of guaranteed and rapid returns
  • Pressure to decide quickly (limited-time offers)
  • Requests for additional payments for technical or bureaucratic reasons
  • Lack of transparency regarding licences, registered office and authorisations
  • Misuse of famous testimonials or well-known brand logos

Anti-fraud verification scam: this involves receiving a text message asking you to call a phone number to verify payments or anomalies in transactions. Once you call the number provided, someone pretending to be from Cherry Bank’s anti-fraud department or customer service will ask for your card details and/or home banking access codes. Another variant is receiving a phone call in which a fake bank operator suggests carrying out transactions such as instant transfers to secure your available balance, or downloading an application for security checks.

Fake police officer scam: this is a telephone scam that exploits the authority of law enforcement agencies to trick victims into transferring money. The scammers contact the customer pretending to be police officers or security officials, often using spoofing (manipulation of the caller ID) to make an official police station number appear on the display. The most common pretext is to report suspicious activity on the account or ongoing investigations. In urgent tones, the criminals convince the victim that, in order to “secure” their savings, it is necessary to make instant transfers to unknown accounts. In some cases, if the customer does not have home banking, they are urged to go to the branch without interrupting the call and with the order not to explain the reasons for the transaction to anyone, invoking a false obligation of investigative confidentiality.

Warning signs:

  • Calls from apparently official numbers (police station, bank)
  • Pressure to transfer money “for security” or “for investigations”
  • Requests to keep the matter secret and not inform third parties
  • Requests for instant transfers or bank details over the phone

Business Email Compromise (BEC) scam: BEC is a type of cyber fraud that exploits compromised corporate email communications to trick victims into making payments to accounts controlled by criminals or sharing confidential information. After studying the organisation, fraudsters pose as trusted executives, suppliers or partners and send seemingly authentic emails, often with an urgent and confidential tone, to convince the recipient to authorise transfers to illegal accounts, change supplier bank details, or provide sensitive data or login credentials.

Warning signs:

  • Urgent payment requests that are outside normal procedures
  • Communications that urge confidentiality and discourage verification
  • Sudden changes to suppliers’ bank details
  • Emails with seemingly legitimate senders but with anomalies (similar domains, minor errors)

Romance scam: A romance scam is an online fraud that exploits the feelings and trust of victims to obtain money or personal information. Scammers operate mainly on social networks, dating sites or via email, creating fake profiles and establishing a virtual emotional relationship, often long-lasting and seemingly sincere. After gaining the victim’s trust, the criminal makes financial requests motivated by alleged emergencies (illness, work problems, tickets to meet up) or sudden difficulties. The amounts requested may increase over time and, once the money has been obtained, the scammer breaks off all contact. In some cases, they may even blackmail the victim with photos or personal information.

Warning signs:

  • Profiles claiming to live far away or in unusual circumstances (military missions, working abroad)
  • Hasty promises of love or requests to keep the relationship “secret”
  • Refusal to meet in person or make video calls
  • Requests for money for sudden emergencies or travel expenses

Family emergency: this is a telephone or text message scam that exploits fear and urgency to induce the victim to transfer money. The scammer pretends to be a close relative (child, grandchild) or an intermediary (e.g. solicitor, doctor) and tells the victim about a serious emergency: accident, arrest, sudden medical expenses. In a dramatic and urgent tone, they ask for money to be sent immediately by bank transfer, top-up or cash delivered to a “trusted friend”. They often insist on secrecy and discourage verification, exploiting the victim’s sense of responsibility and affection.

Warning signs:

  • Sudden calls or messages with urgent requests for money
  • Pressure not to contact other family members or the bank
  • Requests for immediate bank transfers or cash deliveries to third parties
  • Dramatic stories that prevent verification (broken phone, inability to speak)

Social media scams (WhatsApp, Telegram): these are scams that exploit platforms such as Facebook, Instagram, WhatsApp or TikTok to deceive users and obtain money or sensitive data. Scammers create fake profiles, seemingly official pages or send direct messages with attractive offers, prizes, safe investments or requests for help. The most common methods include:
  • Phishing via links that lead to fake websites to steal bank credentials
  • Fake sales ads with advance payments that are never returned
  • Promotions or investments in cryptocurrencies with “guaranteed” returns
  • Requests for money from compromised contacts (hacked friends’ accounts)
The goal is to trick the victim into providing personal data, making bank transfers or online payments, often under pressure or with the promise of immediate benefits.

Warning signs:

  • Profiles or pages requesting bank details or payments outside official procedures
  • Offers that are too good to be true or ‘guaranteed’ earnings
  • Suspicious links asking you to enter your credentials
  • Urgent messages discouraging verification

CEO Fraud: CEO Fraud is a form of cyber fraud that targets companies and organisations through counterfeit or compromised emails, with the aim of inducing authorised employees to make unauthorised transfers or share confidential information. Criminals pose as CEOs, executives or senior figures and send seemingly legitimate communications, often with an urgent and confidential tone, to convince the recipient to make payments to foreign accounts, change supplier bank details, or transmit sensitive data or credentials. This scam exploits social engineering and sometimes illicit access to corporate email accounts, causing significant financial damage and reputational risks.

Warning signs:

  • Urgent payment requests that are outside normal procedures
  • Communications that discourage verification or encourage confidentiality
  • Senders with email addresses that are similar but not identical to the official ones
  • Pressure to complete the transaction without involving others

Invoice fraud: Invoice fraud is a type of fraud that targets businesses and professionals through falsified payment requests. Criminals pose as regular suppliers or business partners and send seemingly legitimate invoices, often with amounts and details consistent with actual business relationships, but with modified bank details to divert payments to illicit accounts. This scam exploits social engineering techniques and sometimes unauthorised access to company emails to intercept communications and alter data. The consequences can be serious, with financial losses and reputational damage.

Warning signs:

  • Invoices with bank details that differ from the usual ones
  • Communications that urge confidentiality or discourage verification
  • Pressure to make urgent payments
  • Emails with senders that are similar but not identical to the official ones
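
The sender-address warning signs listed for BEC, CEO fraud and invoice fraud (similar domains, addresses that are similar but not identical to the official ones) can be checked mechanically by a mail team. The following Python sketch is an added example, not Cherry Bank's code; the domains, names and sample headers are constructed placeholders.

```python
from email.utils import parseaddr

# Assumption: placeholder list of senders you really deal with (domain -> name).
KNOWN_SENDERS = {
    "bank.example": "Example Bank",
    "acme-supplies.example": "Acme Supplies",
}
# Characters often swapped or dropped so a domain looks right at a glance.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "-": None})


def edit_distance(a, b):
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def skeleton(domain):
    """Fold look-alike characters so 'acrne' and 'acme' compare equal."""
    return domain.translate(CONFUSABLES).replace("rn", "m")


def squeeze(text):
    """Lower-case and keep only letters and digits."""
    return "".join(ch for ch in text.lower() if ch.isalnum())


def classify_sender(from_header):
    """Classify a From header against the known-sender list."""
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "unparseable"
    local, _, domain = addr.lower().rpartition("@")
    if domain in KNOWN_SENDERS:
        return "known"  # header matches; the header itself can still be forged
    for real in KNOWN_SENDERS:
        # Similar but not identical: same skeleton, or at most two edits away.
        if skeleton(domain) == skeleton(real) or edit_distance(domain, real) <= 2:
            return f"lookalike:{real}"
    # A known name used in the display name or mailbox of an unrelated domain.
    claims = squeeze(display) + " " + squeeze(local)
    for name in KNOWN_SENDERS.values():
        if squeeze(name) in claims:
            return f"impersonation:{name}"
    return "unverified"


if __name__ == "__main__":
    samples = [  # constructed sample headers
        "Example Bank <alerts@bank.example>",
        "Accounts <invoices@acrnesupplies.example>",
        "Example Bank Security <example-bank.security@gmail.com>",
    ]
    for header in samples:
        print(f"{classify_sender(header):35} {header}")
```

A `known` result only means the visible address matches; because sender details can be spoofed, payment or bank-detail changes still need confirmation through a channel you already trust.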

3) ATM scams

Here are some simple precautions to take when using an ATM safely:
  • Make sure the keypad is securely attached: if it moves, a fake one may have been attached to steal your PIN.
  • Check the card slot: if it moves or seems loose, it may have been tampered with.
  • Check that there are no suspicious holes in the ATM, which could be potential locations for micro-cameras
  • Before you start, make sure that no one is watching over your shoulder
  • Cover the keypad while entering your PIN to avoid prying eyes
  • Do not accept help from strangers
  • If your card is not returned, contact your bank manager or branch immediately.
  • If your money is not dispensed, ask for a check at the branch.
In general, if anything seems unusual, do not carry out any transactions: change ATM and notify your branch or customer service.

Some examples of ATM scams:

Cash Trapping
The scammer attaches a device that blocks the banknotes from coming out of the ATM. The customer, convinced that there is a malfunction, walks away and the criminal recovers the money left in the machine.

Crocodile Tongue
This involves inserting a tab (e.g. a piece of film) into the card reader to retain the card. To obtain the PIN, the fraudster may approach the victim during the transaction or install a micro-camera near the keypad. When the customer does not receive their card and leaves, the criminal retrieves it and immediately uses it to make withdrawals or purchases.

ATM scam with card theft
The fraudster, often with an accomplice, distracts the customer while they are making a withdrawal, watches them enter their PIN and, with dexterity, steals the card. The customer, thinking there has been a malfunction, walks away, while the criminal uses the card for fraudulent transactions.

False online sale scam
If you are selling a product on the internet and the buyer offers to “credit” the payment via ATM, be very careful: it is a scam! The criminal guides you over the phone to insert your card and top up a prepaid card in their name, repeating the operation until the card balance is exhausted.

4) Digital security

Malware: protecting yourself from viruses and malicious software

Malware is malicious software designed to infiltrate devices and cause damage or steal information. There are several types: viruses that damage files, Trojans disguised as legitimate programmes, ransomware that locks data and demands a ransom, spyware that steals passwords and bank details, and keyloggers that record everything typed on the keyboard.

How to protect yourself

  • Always keep your operating system and all programmes up to date. Updates fix security vulnerabilities.
  • Install a reliable antivirus programme and keep it up to date.
  • Do not download programmes from unknown sources.
  • Do not open attachments or links in suspicious emails.

Passwords: the first line of defence

Passwords are the first line of defence for bank accounts. A weak password makes cybercriminals’ work easier.

Secure passwords

  • Minimum length of more than 10 characters
  • Combine upper and lower case letters, numbers and special characters (!, @, #, $)
  • Avoid common words, dates of birth or obvious sequences such as “123456”
  • Do not reuse the same password for multiple services
  • Change passwords every 6-12 months
  • Never share your passwords

How to store passwords

  • Use a password manager
  • Avoid saving passwords in your browser on shared computers
  • Do not write down passwords on paper or in unprotected files
The Bank will never ask for any information used to access the reserved area (e.g. password, token code, etc.) either by telephone, e-mail or instant messaging (SMS, WhatsApp, etc.).

5) Only consult official communications from Cherry Bank S.p.A.

We will never ask for confidential information via email, text message or telephone. Never respond to requests for information about your cards, accounts or Customer Area access codes. No Cherry Bank operator will ever call to ask for an OTP or code received via text message. Before responding or taking any action, carefully check the messages you receive:
  • It is not enough that the sender is Cherry Bank. The email or text message may appear to come from a sender you trust, including Cherry Bank.
  • Read the content of the messages carefully. Think carefully about what is being asked of you and the possible risks. If you are asked for codes or personal data (passwords, credit card numbers, access codes, OTPs), it is certainly an attempt at fraud.
  • Check the formal details. A grammatical error is the first clue to exposing the scam.

Here is a quick reminder to keep in mind when recognising a fake communication:
  • Cherry Bank will never contact you to ask for personal codes
  • Cherry Bank never includes links to external pages or applications that require you to enter personal codes
  • App updates are always and only available through official stores

6) Tools for preventing online banking fraud

  • Manage your payment limits: to reduce the risk of fraud on your home banking service, set limits that are prudently low and consistent with your operations; you can then assess whether you need to request an increase.
  • Manage notifications: if you have not already done so, activate notification services via text message or email
  • Protect your devices: install antivirus and antispyware software on your devices and make sure they are always up to date.
  • Use secure passwords: create long passwords that contain numbers, punctuation marks, symbols and upper and lower case letters. This will make them more difficult to crack or guess by trying all possible combinations. Avoid using words, nouns, proper names or geographical names found in dictionaries. Avoid using personal information that can be retrieved via the internet (date of birth, name of partner or children, telephone number, etc.). Use different passwords for each account so that even if a hacker manages to crack one of your passwords, only one account will be compromised.

7) Do you think you have been a victim of online banking fraud or attempted fraud?

If you have received an email, phone call or text message that you are unsure about, take a moment to call your service provider or customer service before taking any action.

Visit the Contact Us page to view customer service numbers and other useful numbers for blocking cards.
