Phishing: news from the “Italian Data Protection Authority” in a fact sheet

By | Monday January 2nd, 2017

In mid-December the Italian Data Protection Authority (hereafter IDPA), as part of its information material aimed at raising privacy awareness, published a new fact sheet about phishing.

Phishing is a form of scam carried out on the Internet by deceiving users. It is an unlawful technique used to steal confidential information about a person or a company (such as usernames and passwords, access codes like a mobile phone PIN, bank account numbers, ATM and credit card data) with the intention of carrying out fraudulent transactions. Phishing is performed by sending an e-mail message that appears to come from the service provider, or by creating web pages that likewise imitate the provider. The purpose is to steal the customer's personal data, which is then used to make payments with sums withdrawn from his/her account or to transfer the amounts to other accounts. IDPA underlines that the identity thief poses as an institutional entity (e.g. a bank, a credit card operator, a public authority, etc.) and invites the potential victim to provide personal information in order to solve particular technical problems with the bank account or credit card, to accept contractual changes or promotional offers, to handle a tax refund procedure, etc.

Usually, phishing e-mails reach end users as spam. In some cases the deceptive links do not lead to a copy of the original site but directly to the actual site of the impersonated entity, where the fraudster has previously added a pop-up through unauthorized computer access. The function of this pop-up is to ask the connected user to confirm his/her data. Once entered, the data is available to the phisher.

The Italian Criminal Code does not specifically provide for a crime of phishing. As a general rule, the relevant conduct may be punished under Art. 615-quater (Illegal detention and diffusion of access codes to computer or telematic systems) or Art. 640 (Fraud) of the Code, or under Art. 171 of Law 22 April 1941, n. 633 as amended (copyright protection). These crimes may also be charged cumulatively, since the indictment is determined according to the criminal conduct actually carried out by the phishers.

As suggested by IDPA, the main defense against phishers is common sense. Further measures include installing anti-virus programs with phishing protection on your PC or smartphone and keeping them updated, using up-to-date protective systems that automatically move most phishing messages to spam, setting complex alphanumeric passwords, changing them often and choosing different credentials for each service used (online banking, e-mail, social networks, etc.), unless you have strong authentication systems.

Can we consider such countermeasures sufficient? First of all, it must be determined what we are defending, and against whom.

For more details, please refer directly to the IDPA link

Avv. Laura Marretta

Category: Legal framework Sanctions

About laura.marretta

Avv. Laura Marretta obtained her Maturità Classica at Istituto Marcelline in Milan and graduated in Law at Università Cattolica del Sacro Cuore. An Attorney at Law of the Milan Bar, she has been a Partner of Romolotti Marretta International Law Firm since 2006. Her professional activity is focused on Privacy and Data Security, Trade Secret Protection, Fashion Law, Energy Law, Enterprise Organization (UNI CEI and ISO standards), Certification and CE marking. She serves as DPO for associations at national level and for companies in the industrial and services sectors. A speaker at seminars and conferences, with specific reference to privacy and video security law, she is a contributor to national and international publications, including several editions of Doing Business edited by the World Bank (
