Educating about digital security and showing the risks we face as users are some of the objectives of CaixaBank, which offers advice and good practice guides to learn how to use digital environments responsibly and safely.
Any of us can be victims of a digital scam. Who has not ever received a fraudulent email impersonating a company or has mistakenly clicked on a false advertisement on the Internet? Up to 85% of all email sent in the world is spam. In recent years, and especially during the Covid-19 pandemic, hackers have intensified and sophisticated their attacks and there are many scams that we can face: phone fraud, fake websites and ads, email attacks, fraud via instant messaging, any method you can think of.
Knowing the online threats that circulate on the Internet and following good digital practices is key to not becoming a victim of these attacks. To this end, CaixaBank carries out awareness actions aimed at both employees and customers, through InfoProtect and CaixaBank Protect.
Coinciding in October with cybersecurity awareness month, the entity has developed a campaign to reinforce the culture of security among employees and customers. Throughout the month, CaixaBank will disseminate different content related to this topic, will organize online sessions, conferences to explain the fundamentals and concepts of cybersecurity to prevent being a victim of fraud, among other activities.
Educating in digital security and showing the risks we face as users are some of the objectives of the entity, which offers advice and good practice guides to learn how to use digital environments responsibly and safely.
Browse the Internet safely
When browsing the Internet we must follow some recommendations and take into account some tips:
-It is essential to be cautious with the websites we visit and the files we download.
-In case of using public WiFi connections, we must avoid browsing web pages that ask for any type of personal or financial data, username and passwords, etc. We should also avoid making purchases online with public WiFi.
-Having an up-to-date and well-configured antivirus will prevent us from many problems, although we have to be aware that the antivirus does not guarantee our security 100%.
-Having the operating system and installed applications correctly updated is an essential technical requirement to try to prevent cybercriminals from entering our computers, although it is never enough.
-Do not access websites of dubious reputation. To verify the legitimacy of a website, we must also check the legitimacy of its digital certificate, checking that it is valid and that it has been issued for the web page we want to browse. The "famous" padlock does not mean that the website is legitimate, for this it is essential to check the associated certificate.
-We must be especially vigilant with the 'digital identity' that we create and upload only that information about ourselves that we consider 100% public.
Access keys
The access codes are personal and non-transferable. They protect all the information in our digital environment: personal data, bank accounts, social networks, confidential information, images and content of any kind.
-It is important to create strong passwords, difficult to guess. For this, it is recommended that they have at least 8 characters, between uppercase, lowercase, symbols and numbers. And it will always be better if it does not contain words included in the dictionary. We must try to be creative and original and not put special personal dates, the classic 1234 or the name of our pet.
-Sharing passwords is a very dangerous practice. Password sharing plays a key role in some of the most well-known frauds, such as proximity fraud. This type of fraud occurs when we give our passwords to a family member, friend or acquaintance and they use them to commit a crime or a fraudulent operation in a completely illegal way. In the event of any suspicion of compromise of any of our passwords, we must change it as soon as possible.
-To store and remember all the access codes that we have generated, the safest option is to use password managers. These applications store them encrypted and protected with a single password, which gives access to all of them.
Detect fraudulent emails
Phishing is one of the techniques most used by cybercriminals to steal personal and banking data. With the help of social engineering techniques, the cybercriminal impersonates well-known entities, people, brands or services to try to deceive their victims. Their ultimate goal is usually money and/or obtaining sensitive information, usually by requesting data through fake web pages or by infecting the computer by downloading malware. When we receive new mail, we should ask ourselves a few questions:
-Who sends the mail? It is essential to analyze in detail the sender's email address and not trust only the name it shows us. It is necessary to confirm that the email address has the official domain of the company and not be fooled by small changes that are sometimes almost imperceptible.
Is the message suspicious? The cybercriminal can create emails that inspire trust or curiosity, impersonating a company, a streaming video platform or simply writing an attractive message that encourages clicking on a link or file. Unsolicited emails or unsolicited responses should not be relied upon.
- Is it an urgent request? Creating a sense of urgency is a common resource among hackers. In addition, the concept of confidentiality is also widely used in this type of scam.
In the event of the slightest doubt, it is advisable to contact the sender by another means (telephone...) to confirm the legitimacy (although never by the telephone number that may appear in the mail).
Protect the mobile
Mobile phones are small computers with a large amount of very valuable information. They are devices that we must treat with great care, since they are exposed to security risks.
-Activate and set the automatic lock of the phone. With this simple measure, we help keep our personal data safe when we are not using it.
-Do not leave devices with Bluetooth or Wi-Fi enabled permanently and avoid the use of unknown Wi-Fi connections.
-Periodically, it is advisable to make backup copies of the information contained in the mobile device, in order to recover it in the event of incidents or loss.
-Update promptly the mobile operating system, as well as the applications.
-It is essential to install an antimalware application, since mobile phones can also be infected.
Installation of applications
When we download applications on our mobile devices, they ask us for permissions to access certain functionalities of the device. Some require what is strictly necessary to fulfill their mission, but others try to access our personal information by asking for permissions that they do not need. Before accepting the download of an app, we must pay attention to the privileges it requests and assess whether they are justified or excessive.
-Review the permits requested. The most common accesses are calls and messages, calendar, contacts, location, camera and image gallery, and microphone. Are they really necessary for the app to work?
-Download apps only from official sources.
-When we eliminate the security limitations imposed by the mobile manufacturer to, for example, avoid paying for certain apps, we are doing a jailbreak, an action that is not recommended. With this, we eliminate the security barriers that come from the factory and it can cause us more problems than benefits.
-We all run the risk of being infected, but to protect ourselves we must install a security app on our mobile, be it Android or iOS.
-When we want to download an application, it is preferable to do it from a secure WiFi network. Public WiFi does not offer any guarantee of security.
Secure online shopping
Every day more users decide to make their purchases online. Electronic commerce, which has experienced a great boom in recent years, is comfortable and practical, and applying the appropriate protection measures, it is also safe.
-Beware of super offers and links. Abnormally low prices can be a trap to attract unsuspecting buyers; therefore it is better to investigate other websites and other distributors to confirm the real market value of the item.
-Never use a public connection to make purchases online, as they do not offer any security guarantee.
-Prioritize purchases in stores that have registered the Secure Electronic Commerce (CES) service, for example “Verified by Visa” or “Mastercard Secure Code”.
- Periodically reviewing the status of our cards and accounts is a good security measure for online shoppers.
Always maintain basic precautions
In addition to all of the above, there are always new avenues for cybercriminals, such as romance fraud (a type of fraud that occurs mainly on dating applications or contact websites whose objective is to attack the feelings and confidence of the victim as the main trump card to convince her and thus manage to trick her into swindling large amounts of money), false vacation rental advertisements on the Internet (cybercriminals use legitimate and reliable web platforms in which they publish false housing advertisements, at very attractive prices and with photographs that attract the attention of the victims) or vishing (scams through calls or voice messages).
With the aim of becoming a reference source for customers and users, CaixaBank has renewed the security area of the entity's public website. On the other hand, every three months, the Security team coordinates with different areas the creation of three articles on current issues related to digital security. Another initiative carried out is the InfoProtect Security News newsletter, which is sent every 15 days to CaixaBank employees with articles and reports related to the world of cybersecurity. The entity also carries out courses, online sessions, simulations and other actions to make employees aware of the importance of knowing how to identify phishing emails, among other cybersecurity topics.
In addition to taking into account all these tips and recommendations, caution and maximum attention on our part, as well as knowing when to suspect, is key to not being a victim of cyberattacks.
