How to recognize and protect yourself from phishing


It is a type of on line scam that, without violating the Bank's security systems, aims to fraudulently capture customers' Internet services access codes. This is how the scam works:


  • false emails sent by the scammer
    the scammer sends a fake letter to thousands of email addresses, purporting to be a bank and asking customers to provide their access codes (e.g. for verification purposes or for technical needs) by connecting to a fake website, identical to that of the bank, to which a link is provided;
  • reception of email by the customer
    the customer reveive the bogus email in which he is asked to click on the link of the fake website indicated in the email and provide his access codes;
  • access to the fake website
    by clicking on the link in the email, the customer is sent to the fake website (which is visually identical to that of the bank) which is controlled by the scammer, where he enters his access codes;
  • receipt of access codes by the scammer
    the codes entered by the customer are recorded and reused by the scammer to access the real bank’s website;

How to recognise phishing and protect yourself.

Phishing attacks are initiated by sending fraudulent emails that typically:


  • seem to come from the bank, since they have all the characteristics of emails sent by the bank (logos, source address, etc.);
  • require security codes to be entered for various reasons (technical problems, security reasons, ensuring continual access, etc.);
  • contain a link to the fake website controlled by the scammer to which to connect to for entering credentials; the fake website is often identical to the bank’s, but comes from a different address and typically does not have a valid digital certificate;
  • almost never contain information regarding the sender (first name, surname, address);
  • often contain grammatical errors, as they are generated by automatic translators.


To protect yourself from phishing attacks just follow a few simple guidelines:

  • suspicious communications
    never act on emails or phone calls that require you to input or communicate your identification codes: our policies never require you to provide us with your access codes under any circumstances;
    accessing services
    only and always access the bank's site by entering the bank's web address ( directly in your browser address bar (MS Explorer, Firefox, Opera, etc.);
  • entering your access codes
    never enter your access codes to the site from a link in a message (email, IM, etc.) or from a third-partty's website.


What to do in the event of suspected phishing.

If you receive a suspicious email apparently sent by the bank, you must immediately contact our Customer’s Service, your branch or the toll-free number if you call from Italy 800.312.316. (from other countries +39 011 1997.2040). In the event of imprudently communication of your codes after receiving a phishing message, you must change your PIN code immediately and contact customer support.


Security measures adopted by the Bank against Phishing.

Intesa Sanpaolo makes use of security tools and measures that reduce the risk of phishing attacks and protect its customers:

  • use of digital certificates to protect its website;
  • access by means of strong authentication tools (O-Key or digital certificates);
  • software to monitor and identify unusual behaviour that is typical of fraud attempts;
  • monitoring the network to identify bogus phishing websites.


market data