In an ever-changing digital landscape, cybercrime is progressing at an incredibly fast pace.

While new trends and sophisticated threats constantly emerge, email and phishing messages have become the primary infection vector [1]: over 90% of malware and 72% of data breaches in organisations originate from phishing attacks [2].

But what is phishing?

The most traditional concept of phishing refers to fraudulent messages or emails that trick computer users into sharing sensitive personal, financial or security information.

This information is then used for a variety of purposes ranging from financial gain, identity theft, crippling down computer systems through to espionage.

In light of people’s increased mobility and today’s diversity of messaging platforms, phishing attacks have dramatically evolved becoming a highly complex phenomenon: they are now perpetrated through text/SMS (Smishing), voice/phone calls (Vishing), mobile apps, social media. Today, phishing has many faces and many names including fake or spoofed sites, CEO frauds, whaling, spear phishing, BEC attacks.

Phishing attacks affect everyone, from consumers and enterprises to governments and regulated financial services. Last year, 75% of EU’s Member States disclosed cases of phishing.[3] Even when only one user falls victim to a phishing attack, its impact can be devastating to an entire organization.

How to prevent a bank phishing attack?

In the current threat landscape, we all need to stay alert: sharing personal data with the wrong people or networks can have unfortunate consequences. It is necessary to be especially vigilant whenever any sensitive information, such as your online banking account password, are requested. Here are some prevention tips [4]:

  • Beware of unsolicited phone calls, text message or suspicious emails in particular when these are pressing you to answer and share your data quickly.
  • Do not click on links, attachments or images that you receive in a suspicious email or unsolicited text messages without first verifying the sender.
  • Look at the email or text message closely: compare them with previous real messages from your bank.
  • Check for bad spelling and grammar.
  • Do not reply to a suspicious email and never respond to a text message asking you to share your PIN or your online banking password or any security credentials.
  • Never share this kind of information in case of unsolicited phone calls.
  • When in doubt, contact your bank.


Knowing your own bank’s payment authorisation process and getting familiar to it on both the bank’s website and app will help you better recognise fraudulent communications.

Always keep in mind that your bank will never ask you for sensitive information such as your online account credentials over the phone or email.

PSD2: enhanced users’ protection from phishing

The revised Payment Service Directive PSD2, the new European legislation regulating payment processes in the EU, has added extra levels of authorisation onto e-payments to protect users from phishing as well as from other frauds.

Banks are required to use strong multi-factor customer authentication for electronic transactions: two-factor authentication (2FA) is one approach to achieve more secure transactions and protected data.

Stay informed on any changes introduced by your bank and make sure you always use their latest and most secure authorisation method.

MyBank payments help you stay safe

Fully PSD2-compliant e-payment solution MyBank is a wise choice for secure transactions. Paying online with MyBank ensures digital identity protection: neither new registrations nor new passwords are requested, and users’ data are never shared with any third-parties.

Users benefit from e-payment processes based on the most up-to-date secure web standards and protocols: payments are made in the safe digital environment of their own bank.

MyBank will never ask users to share their sensitive data over the phone or email.


The internet has grown, and so has the vulnerability of sharing personal data. Online shopping, social media, and many of the actions we undertake online have made information easily accessible to cyber-criminals, who always try to find new ways to trick users into sharing their personal, financial or security information.

Preventing a phishing attack requires a higher level of alert and a cautious approach to any unsolicited text messages, phone calls or suspicious emails.

When paying online, it is vital to use the most secure authorisation methods and make sure your data are not shared with any third-parties. MyBank solution offers secure payments and protect users from online frauds.

27 Sep 2019

Contact us for further information


MyBank privati


MyBank privati