They clone the numbers of the Carabinieri and banks to defraud: how to recognize spoofing and protect yourself

Telephone and online scams based on the so-called “spoofing” they are increasingly frequent and increasingly sophisticated. This particular data forgery technique, which allows attackers to mask telephone numbers or emails, making them appear as harmless contacts, it recently hit a 60-year-old from Genoa, who lost 39,000 euros. The scammer, a 40-year-old from Puglia, first pretended to be a marshal of the Carabinieri and then an anti-fraud operator of his own bank. The use of the spoofing technique by the cyber criminal was decisive in pulling off the coup, since the victim made the transfers only after having had the foresight to check the telephone numbers from which he received the two telephone calls, which actually corresponded (at least apparently) to those of a Carabinieri barracks and its banking institution.

Defending yourself from such specious and well-studied cyber attacks is increasingly complex: to succeed you must always keep your nerve, not trusting too much in “incoming” communications, even if they appear to come from apparently legitimate contacts. Better to stop the interlocutor and contact your bank independently to see how things really are.

How the spoofing mechanism works

The mechanism of these scams uses a mix of social engineering and data manipulation. The criminal creates a sense of urgencyinstilling in the victim the fear of possible fraud in progress on his own account, and therefore pushes her to follow instructions that apparently serve to secure your savings. This is what happened to the 60-year-old man we referred to in the introduction of the article, who saw a good 39,000 euros slipped out from under his nose. How could this happen? A fake Carabinieri marshal contacted him, informing him of an alleged attempted fraud on his bank account. Shortly after, the man received a second call, this time from an “operator” at his banking institution, who confirmed the need for a quick transfer of funds.

The victimperplexed by the receipt of the two phone calls, checked the origin of the telephone numbers with whom she was contacted and, persuaded by the coincidence of these with the official contacts of the Carabinieri and her bank, she followed the instructions by making the transfer to the scammer (unaware of what was happening). How was all this possible? Thanks to spoofing techniquea very insidious form of computer fraud precisely because allows you to manipulate the visual identity of the sender of the communication. “Spoofing” comes from English “to spoof”, which means to deceive. This happens by making the victim believe they are in contact with one trusted person (perhaps a family member or friend whose voice has been cloned with artificial intelligence) or ainstitution (typically the bank or a well-known company), manipulating the information visible on the smartphone displaywhich make the victim think that it is a phone call coming from an authentic source.

How to defend yourself from spoofing

To protect yourself from spoofing attacks, one of the fundamental rules is to never share sensitive information, such as access codes or banking details, over the phone or via suspicious links. It is advisable stop communication immediately and contact the organization in question directly using the official numbers available on public communication channels.

If you are the victim of a spoofing attack you must call the authorities promptly to be able to track and block these scammers and possibly report the scam to the Postal Police or the Carabinieri. Some investigations, even in recent times, have in fact led to the partial recovery of the sums of money lost following these scams and to the identification of those responsible for perpetrating the attacks.