Scams and Phishing
How to recognise and report online scams.
Phishing is a particular type of digital scam aimed at inducing users to provide sensitive and/or confidential data (such as user name, password or other personal information, bank credentials, etc.). This cyber threat consists in the delivery of messages that look like the forms of communication of a known company, sometimes bearing its name and/or logo, thus misleading users who place their trust in the brand that appears in the communication.
Be careful about ongoing scams
We are detecting the presence on the network of communications, messages, posts and sponsored contents apparently coming from Eni and/or directly from our Chief Executive Officer, Claudio Descalzi.
These communications do not come from Eni or its Chief Executive Officer. These messages unduly exploit Eni and its Top Management’s image and reputation, leading the user, through links in the text, to websites not belonging to Eni, fake accounts and specifically created social pages.
In these scam messages, reference is often made to aid programmes, grants or economic bonuses of various kinds, such as periodical fixed economic rents or fuel vouchers, encouraging the user to sign up to the initiative and communicate data or even preferences in relation to any questions posed.
In conjunction with the relevant Authorities, Eni works daily to combat these scams and other unlawful profiling and disinformation campaigns.
There are various types of deceptive approaches: find out more by clicking on each topic.
The victim is contacted for a job offer at Eni by so-called recruiters or Eni executives. With this scam technique, the victim is often asked for a sum in advance for the purchase of technical material. Other times, the victim is asked to receive a sum of money from their bank account to be transferred to another account indicated by the scammer, withholding a percentage of the same amount (see "Money muling" below).
To avoid falling into this type of scams, we remind you that Eni proceeds to contact potential candidates for work positions exclusively:
- via email addresses ending with @eni.it or @eni.com or @example.eni.it or @example.eni.com
- via Linkedin with Eni’s official account (find out how to check if a Linkedin account is legitimate here)
Senders such as, for example, firstname.lastname@example.org, email@example.com and firstname.lastname@example.org are to be considered not legitimate.
The victim is contacted by a person who deceitfully declares to be one of Eni’s employee, often "offshore", manifesting an urgent need for money for:
- repairing a damaged mechanical part
- issues related to their bank account
- other fake reasons for not being able to move or get money (for example, due to illness, broken means of transport, problems with the police, etc.).
Sometimes, to increase credibility, the scammer accompanies the request for money with attachments (email or via chat) depicting company badges and (obviously false) contracts awarded, in Eni’s name.
Often all this happens after the scammer has previously established a romantic relationship - usually via social networks - with the victim. This is why the scheme of this scam is also known as "Romance scam".
To know more, read here.
It may occur that the two previous fraudulent modes (Job scam and Romance scam) are conveyed with a variant, called "Money muling". It is a technique whereby the fraudster transfers money, obtained illegally, using the victim's current account as a "bridge of passage" for the final destination, or of course another landing account. The victim is promised and/or recognized a small percentage of the transferred amount.
In essence, it is a matter of money laundering aimed at shielding both the real sender and the real recipient of the transaction.
To know more, read here.
This type of fraud consists in the promotion of disinformation and profiling campaigns that abusively exploit Eni’s brands, names and people and leverage the attractiveness of topics such as "investments" and "economic bonuses", for example periodic or fixed economic rents or fuel vouchers.
These campaigns set up fake websites, fake accounts, and fake pages on social networks to sponsor initiatives. They also use other propagation systems, the so-called "chain letters", taking advantage of widespread instant messaging service chats (e.g. Whatsapp). Recipients reached by such campaigns are often asked to fill out online forms to obtain personal data, or questionnaires are submitted whose answers allow them to profile the recipient.
How to recognise phishing and other online scams
- First, read the text of the messages you receive carefully: attempts to deceive the reader are often poorly written, with spelling mistakes and grammatical errors.
- If the message you receive contains a link, check well who sent it to you. You can check the correspondence between the link text and the actual address by positioning the cursor above it, without clicking.
Do not click on the link if you are not sure of the sender.
- Do not open the attachments. Always check the sender first, especially with attachments with .exe, .zip, .rar, and .xls extensions. They may contain viruses or malware..
- Do not provide login credentials, passwords, social security numbers or other personal and private information.
- Be informed. Scam attempts come in different forms: they may be disguised as professional, financial communications, job advertisements, requests for personal assistance and others besides. If you are in doubt about the legitimacy of a communication from Eni, use the official channels.