
What is phishing? And how to defend yourself?

Phishing is a civil and criminal offense.

It is a fraudulent "social engineering" technique aimed at stealing personal and sensitive information, such as personal data, passwords for operating online current accounts, credit card codes and so on.

Typically, the phisher sends chain emails to a large number of unknown users. The emails contain messages, information and images crafted to influence the recipient psychologically, so that the victim is induced to connect to web pages that appear to belong to real organizations, institutions or companies.

Not only that. The recipient of the email is prompted to enter their credentials to access restricted areas, especially home banking, by clicking on links specifically prepared by the phisher. Alternatively, the victim is redirected to a fake web domain by viruses with which the phisher has infected the victim's computer in order to alter the handling of IP addresses. The fake domain captures the unfortunate person's banking access keys, and the phisher then proceeds to empty the account.

From the point of view of tort law, the conduct of the phisher gives rise to extra-contractual liability, which entails the obligation to compensate the pecuniary and non-pecuniary damages caused to the victims.

For example, there is the liability of the credit institution, obliged to compensate the damages suffered by the account holders, on the basis of the inadequacy of the "security measures, technically suitable and known on the basis of technical progress" aimed at "avoiding fraudulent withdrawals (so-called phishing)" (Palermo Court no. 81/2010; Siracusa Court, 15.3.2012), or the liability of the telephone operator, on the basis that, in the matter of banking crimes committed through the network, the latter was responsible for detecting any suspicious activity and promptly warning the user (Benevento Court, no. 1506/2009).
Furthermore, the civil liability of the phisher is aggravated by multiple further violations sanctioned by privacy legislation.

In the criminal field, depending on the case, the following crimes may arise: fraud, illicit processing of personal data, computer fraud, unauthorized access to a computer or telematic system, improper use of credit and payment cards, damage to information and computer or telematic systems, false declaration or attestation on the identity or personal qualities of oneself or others, impersonation, etc.

Given the absence of a comprehensive body of rules on the matter, one can rely on the protection offered by civil and criminal laws and special laws.
Alternatively, the user can also contact the Financial Banking Arbitrator (ABF), a body introduced by art. 128-bis of law 262/2005 ("Banking Law"), for the out-of-court settlement of disputes between customers, banks and other intermediaries concerning banking and financial transactions and services.
Recourse to the ABF obviously does not preclude access to ordinary civil proceedings, given that its decisions are not binding.

In any case, anyone who receives these emails and thinks they are a victim of phishing, in addition to not clicking on the links, must contact the postal police, reporting the facts and indicating the header of the message they received, so as to activate all the necessary checks and take appropriate action.
