3 Ottobre 2018

Phishing and E-payments, how frauds are evolving

In the last 20 years, technology has been very helpful to the criminal world in the creation of frauds, but above all, it started a new kind of crimes. Burglaries that unlike conventional robberies are discovered even several months after being committed. Digital frauds are increasing dramatically in Italy, for example last year one in particular made headlines, a 500.000 € scam at the expense of one of Confindustria’s managers. All it took was a fake E-mail and a lot of cunning. This kind of cybercrime is called “spear phishing” or “personalized phishing”. In fact the fraud often consists in sending an E-mail containing specific information and including a fake signature, generally the company CEO’s signature, so that it looks trustworthy in the eyes of the accounting department’s employee, that oblivious to all this, responds to the credit transfer request sending the money right away. Besides, how could an employee not trust his CEO decisions? Virtual identity theft has become a recurring issue nowadays, in Italy some steps have been made towards a solution with the purpose of improving the management of authentication processes and in order to guarantee, for example, the identity of E-mail senders. In our country, a public system for digital identities (SPID) has been developed in 2014 in order to verify and manage digital IDs in the relationship between citizens and public administration. Further proof of our awareness is PEC, an Italian invention, namely a system that is able to send certified E-mails, or rather a type of email whose sending is certified by a neutral third-party, so that every E-mail is worth as much as a document. PEC is employed in only three countries: Italy, Switzerland and Hong Kong, but despite being an innovation, it does not fully comply with EU standards.