Spoofing Exposed: Your Cybersecurity Awareness Month Alert
Thursday 30 October 2025
Recomend this page
Thank you, we sent your recommendation to the desired recipient.
Sorry, this functionality is not available right now.
Please try with this link. Thank you.
October is Cybersecurity Awareness Month – and there's no better time to learn how to protect yourself from spoofing attacks.
Spoofing is a fraudulent technique where scammers manipulate caller IDs, email addresses or SMS headers to impersonate banks and legitimate companies. This deceptive practice tricks individuals into revealing sensitive information like one-time passwords and login credentials, or transferring funds to fraudulent accounts. Understanding how spoofing works and recognising the warning signs is critical to protect yourself against financial fraud and identity theft.
What is spoofing?
Spoofing represents a sophisticated form of digital deception where criminals disguise their true identity by manipulating telecommunications or messaging systems. Whether via phone calls, emails or SMS messages, the goal is the same: to make the communication appear to originate from a legitimate organisation – typically a financial institution or well-known company – when it actually comes from a scammer.
This is something that can be done across multiple communication channels:
- Phone spoofing involves overriding caller ID protocols to display a trusted number.
- Email spoofing uses forged sender addresses and branding to mimic official communications.
- SMS spoofing manipulates message headers to insert fraudulent texts into legitimate message threads.
These tactics are often accompanied by psychological manipulation. Scammers create artificial urgency – claiming suspicious activity, account breaches or regulatory issues – to pressure victims into acting quickly. They may pose as helpful representatives, requesting sensitive information under the guise of verification, or instructing victims to transfer funds to “secure” accounts that are in fact controlled by the fraudsters.
Know what UniCredit will never do
UniCredit will never:
>> Contact you to request transfers to other accounts.
>> Ask for private information such as online banking passwords or OTP codes during a call, email or SMS exchange. While you may be required to enter these details when accessing UniCredit’s secure platforms, no UniCredit agent will ever ask you to share them directly.
>> Instruct you to visit an ATM to make a transfer.
>> Send SMS messages containing links, even within existing UniCredit message threads.
>> Create accounts on your behalf.
If you receive a message – whether by phone, email or SMS – that includes a link or asks for sensitive information, it is fraudulent.
Protect your personal information
• Never provide personal or banking information via links in SMS or email messages, or during unsolicited phone calls.
• No legitimate company or public entity will ask for sensitive information through these channels.
• Delete suspicious messages immediately without responding.
• Do not click on links or download attachments from unknown or unexpected sources.
Stay vigilant and secure
• Be wary of alarming messages or calls that create urgency and fear.
• Keep your devices protected by installing anti-malware software and antivirus programmes.
• Perform regular scans and keep your operating system, browser and applications updated.
• Only download apps from official stores.
