Massimiliano Brolli : 18 October 2025 09:24
Cybercrime is increasingly looming over the unfortunate online world. Fake profiles and scams are rampant on social networks, which, even with the best artificial intelligence, struggle to keep up with a phenomenon that generates scams of all kinds. This column aims to raise awareness among everyone about the ever-increasing number of online scams, primarily originating from emails and social networks. This will be done through first-person stories told by the unfortunate victims, providing a final lesson learned.
Author : Massimiliano Brolli
Hi guys, my name is Pasquale, I’m 55 years old and I’ve had an online bank account for a long time and I’m happy with it.
I’ve always used these online banking services, which allow me to make the most of my credit cards (I’m a big fan of the rechargeable credit card, because it makes me feel more secure) and the ability to make online bank transfers, which lets me appreciate the speed of the internet from the comfort of my sofa.
Let’s just say that confirmation codes have become far too common lately, but it’s also true that, given the news we’re hearing about cybercrime and hackers, they’re solutions that allow us to keep our wallets safe. I know a thing or two about this.
Now I’ll tell you what happened to me about six months ago. It was a rainy Saturday in April, and it was cold.
I didn’t go out that day because it made no sense given the gloomy day.
I was on the computer reading some articles on the internet, flitting from one social network to another, when at a certain point I received a text message from my bank that told me:
Dear customer, we have been hit by a major cyber attack. To allow us to restore your account as quickly as possible, please log in to this address and confirm your account. Otherwise, you will need to come to a branch so we can restore your account.
At the end there was a link that pointed to a website.
Upon reading this message, I rushed to the bank’s website, where I was asked to confirm my username and password. I already knew they would ask me for documents that would take me a week to retrieve.
I then accessed the portal where the bank’s website was present and in the center was a thank you for having certified the access credentials.
I felt relieved even as I wondered what damage the hackers could have done to my bank’s computers, not realizing that the target of the fraud wasn’t the bank, but me.
I go back online, go to Facebook, and almost immediately receive a phone call from a number I didn’t have in my address book.
It was a girl who told me in Italian
Dear customer, we are the bank [….] and we thank you for accessing our site and certifying your login credentials. Unfortunately, we are doing everything we can to limit the damage. We know you entered your credentials on our site, but since some of the systems are still in the hands of cybercriminals, we wanted to know if by any chance you received an unlock code from the bank.
I replied:
“wait while I check”
In fact, another text message had arrived, but I hadn’t checked who it was yet. I replied to the girl, saying
“Yes, it arrived. It’s the standard unlock code I receive to access my account.”
She told me
“yes exactly”
She kindly asked me to provide it to her so as to eliminate the possibility of hackers accessing my account funds, as it was an OTP unlock code. I then provided the code to the girl, who thanked me and hung up the phone.
After about two or three minutes, a third SMS arrived confirming the successful transaction of 5,000 euros to an unknown account.
Shortly afterward, I realized that hackers had stolen $5,000 from my account and that I had been the victim of a “social engineering” attack. I had never heard the term before, but from what I understood, it’s a method of targeting people using psychological and social techniques. Sorry if I’m being rambling, but I’m no expert in this field.
That evening I felt very bad because, yes, I was sorry about the 5000 euros obviously, but the thing that made me most angry was the way I had been scammed.
Later they also explained to me that it was a combination of two techniques called SMishing and Vishing, but by then the 5000 euros had been lost forever and the bank did not refund me a single euro.
Pasquale finally figured out how to behave in these situations. Will you do the same?