Any of us can be victims of a digital scam. Who has not ever received a fraudulent email impersonating a company or mistakenly clicked on a false advertisement on the Internet? Up to 85% of all emails sent in the world are spam. In recent years, and especially during the Covid-19 pandemic, the hackers They have intensified and sophisticated their attacks and there are many scams that we can face: telephone fraud, false websites and advertisements, email attacks, instant messaging fraud …
Knowing the online threats that circulate on the Internet and following good digital practices is key to not becoming a victim of these attacks. To this end, CaixaBank develops awareness actions aimed at both employees and customers, through InfoProtect and CaixaBank Protect.
Coinciding in October with the cybersecurity awareness month, the entity has developed a campaign to reinforce the safety culture among employees and customers. Throughout the month, CaixaBank will disseminate different content related to this topic, organize sessions on-line, conferences to explain fundamentals and concepts of cybersecurity to prevent being a victim of fraud … among other activities.
Educating in digital security and showing the risks that we face as users are some of the objectives of the entity, which offers advice and good practice guides to learn how to use digital environments in a responsible and safe way.
Surf the internet safely
When browsing the Internet we must follow some recommendations and take into account some tips:
- It is essential to be careful with the websites we visit and the files we download.
- In case of using public WiFi connections, we must avoid browsing web pages that ask for any type of personal or financial information, user name and passwords, etc. We must also avoid shopping on-line with public WiFi.
- Having an updated and well-configured antivirus will avoid many problems, although we have to be aware that the antivirus does not guarantee our 100% security.
- Having the operating system and installed applications correctly updated is an essential technical requirement to try to prevent cybercriminals from entering our computers, although it is never enough.
- Do not access websites of dubious reputation. To verify the legitimacy of a website, we must also check the legitimacy of its digital certificate, checking that it is current and that it has been issued for the website we want to navigate through. The “famous” padlock does not mean that the website is legitimate, for this it is essential to check the associated certificate.
- We must be especially careful with the ‘digital identity’ that we create and upload only that information about ourselves that we consider 100% public.
The access codes are personal and non-transferable. They protect all the information in our digital environment: personal data, bank accounts, social networks, confidential information, images and content of any kind.
- It is important to create strong passwords that are difficult to guess. For this, it is recommended that they have at least 8 characters, between uppercase, lowercase, symbols and numbers. And it will always be better if it does not contain words included in the dictionary. We must try to be creative and original and not put personal dates, the classic 1234 or the name of our mascot.
- Sharing passwords is a very dangerous practice. The transfer of passwords plays a key role in some of the most well-known frauds, such as proximity fraud that occurs when we give our keys to a family member, friend or acquaintance and he uses them to commit a crime or a completely fraudulent operation. illicit. Before any suspicion of compromise of any of our passwords, we must change it as soon as possible.
- To store and remember all the access codes that we have generated, the safest option is to use password managers. These applications keep them encrypted and protected with a unique password, which gives access to all of them.
Detect fraudulent emails
The phishing It is one of the techniques most used by cybercriminals to steal personal and banking data. With the help of social engineering techniques, the cybercriminal impersonates known entities, people, brands or services to try to deceive their victims. Their ultimate goal is usually money and / or obtaining sensitive information, generally requesting the data through fake web pages or infecting the computer by downloading a malware. When we receive a new email, we should ask ourselves some questions:
- Who sends the mail? It is essential to analyze in detail the sender’s email address and not trust only the name that it shows us. It is necessary to confirm that the email address has the official domain of the company and not be fooled by small changes, sometimes almost imperceptible.
- Is the message suspicious? The cybercriminal can create emails that inspire trust or curiosity, impersonating a company, a video platform on streaming or simply writing an attractive message that prompts you to click on a link or file. Unexpected emails or responses that we have not requested should not be relied upon.
- Is it an urgent request? Creating a sense of urgency is a common resource among hackers. In addition, the concept of confidentiality is also widely used in these types of scams.
In the event of the slightest doubt, it is advisable to contact the sender by another means (telephone …) to confirm the legitimacy (although never by the telephone number that may appear in the mail).
Protect your mobile
Mobile phones are small computers with a large amount of very valuable information. They are devices that we must treat with great care, since they are exposed to security risks.
- Activate and set the automatic phone lock. With this simple measure, we help keep our personal data safe when we are not using it.
- Do not leave devices with Bluetooth or WiFi connection permanently activated and avoid using unknown WiFi connections.
- Periodically, it is convenient to make backup copies of the information that the mobile device contains, to be able to recover it in case of incidents or loss.
- Promptly update the mobile operating system, as well as the applications.
- It is essential to install an antimalware application, since mobile phones can also be infected.
When we download applications on our mobile devices, they ask us for permissions to access certain functionalities of the device. Some require what is strictly necessary to fulfill their mission, but others try to access our personal information by asking for permissions that they do not need. Before accepting the download of a app, we must pay attention to the privileges requested and assess whether they are justified or excessive.
- Review the permits they request from us. The most common accesses are calls and messages, calendar, contacts, location, camera and image gallery, and microphone. Are they really necessary for the operation of the app?
- Download apps only from official sources. When we remove the security limitations imposed by the mobile manufacturer to, for example, avoid paying for certain apps, we are doing a jailbreak, an action not recommended.
- We all run the risk of being infected, but to protect ourselves we must install a app security on the mobile, either Android or iOS.
- When we want to download an application, it is preferable to do it from a secure WiFi network. Public WiFi does not offer any guarantee of security.
Secure online shopping
Every day more users decide to make their purchases on-line. E-commerce, which has seen a boom in recent years, is convenient and practical, and with the right protection measures, it is also safe.
- Beware of super offers and links. Abnormally low prices can be a trap to attract unsuspecting buyers; For this reason, it is better to inquire about other websites and other distributors to confirm the real market value of the item.
- Never use a public connection to make purchases on-lineas they do not offer any guarantee of safety.
- Prioritize the purchase in stores that have registered the Secure Electronic Commerce service (CES), for example “Verified by Visa” or “Mastercard Secure Code”.
- Periodically reviewing the status of our cards and accounts is a good security measure for buyers on-line.
In addition to all of the above, there are always new avenues for cybercriminals, such as the romance fraud (type of fraud that occurs mainly in dating applications or contact websites whose objective is to attack the feelings and confidence of the victim as the main asset to convince them and thus manage to deceive them to get them to swindle large amounts of money), fake vacation rental ads on the internet (Cybercriminals use legitimate and trustworthy web platforms in which they publish fake housing ads, at very attractive prices and with photographs that attract the attention of the victims) or the vishing (scams through calls or voice messages).
With the aim of becoming a source of reference for customers and users, CaixaBank has renewed the security space of the entity’s public website. On the other hand, every three months, the Security team coordinates with different areas the creation of three articles on current issues related to digital security. Another initiative carried out is the newsletter InfoProtect Security News, which is sent every 15 days to CaixaBank employees with articles and reports related to the world of cybersecurity. The entity also conducts courses, sessions on-line, simulations and other actions to sensitize employees about the importance of knowing how to identify emails phishing, among other topics on cybersecurity.
In addition to taking into account all these tips and recommendations, the caution and the utmost attention on our part, as well as know when to suspect it is key to not being a victim of cyber attacks.