Electronic fraud

Electronic fraud has grown considerably, and we increasingly receive communications (email, SMS, etc.) requesting information about security alerts, extortion, etc., without being certain whether they are genuine or fraudulent and without knowing the consequences of mishandling them.

Current electronic frauds

Fraud through electronic media has become an increasingly common practice. Here are some examples:

Phishing: Cybercriminals carry out scams and obtain information from their “victims”, such as bank details or personal passwords, using e-mails, instant messaging or even telephone calls as channels for these frauds.

Smishing: A phishing variant carried out via SMS, typically with a logistics theme such as “Your package cannot be delivered due to an error in the delivery address”. The message offers a website as the solution, which usually ends by prompting the download of an application that infects the computer with a Trojan (malware that allows remote access to the computer by the attacker).

Pharming: Impersonating prestigious companies (banks or courier companies) or public entities (social security, city councils) by recreating web pages that appear to be real. The user accesses them believing they are the genuine ones and enters the data requested in the forms they contain, revealing personal access credentials.

Spam: Our own web pages are targeted in the same way. Fake campaigns send emails claiming that a security breach has been detected and requesting a payment to prevent the database from being accessed. These communications reach us through the web contact forms.

In some cases, it is even claimed that the website has been attacked and that all the information has been stolen and a monetary “ransom” is requested.

Not to mention that any of these communications can spread malware.

Reporting electronic fraud

If you have been a victim of electronic fraud, report it to the police.

Collect all the information and alert the entities whose identity has been impersonated, so that they can pass the warning on to other customers and prevent others from falling for these frauds.

Inform the National Institute of Cybersecurity (INCIBE) at incidencias@incibe-cert.es.

Protection against electronic fraud

Our Valencia office frequently receives queries from clients who find themselves in these situations and whose main concern is the protection of their data, as the damage caused by these illegal practices can be irreversible.

The following are some of the minimum recommendations:

-Approval by Management of Security Policies based on the RGPD, ISO 27001 or the National Security Scheme (ENS), through expert consultants.

-Staff training on data protection, information security and cybersecurity.

-Sign up for security alert bulletins. For example: https://www.incibe.es/newsletter/subscriptions?opcion=si

-Include a captcha in web contact forms.

-Always check the sender of any message, so that doubtful ones can be discarded. For example, verify that the sender’s domain matches that of the real entity, or check beforehand with the real entity whether the communication is genuine.

-Never open suspicious attachments, such as invoices or bank statements, if you do not recall having dealt with those entities. The same applies to links included in the communication.

-Never fill out forms that ask for personal data unless you are absolutely sure that the page you have been redirected to is authentic and that the data are necessary for the purpose for which they are being requested.

-Check that the web pages have security elements, such as https:// in their electronic address.

-Check the wording of the messages you receive: if they contain spelling mistakes, or the wording does not match the type of sender or is too general, it may well be a fraud.

But the most important measure you can take to avoid falling for these scams is to put yourself in the hands of a cybersecurity and data protection specialist, because they will offer you all the technical and organizational security measures to implement in your organization and also help you comply with the European and Spanish data protection regulations, RGPD and LOPDGDD.
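The sender check recommended in the list above can be automated for messages arriving at a shared mailbox. The following is an added example, not part of the original article: the entity name, the `.test` domains and the sample messages are all constructed, and the allowlist is an assumption about which domains the real entity sends from.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed allowlist (assumption): domains the real entity is known to send from.
TRUSTED = {"Example Bank": {"examplebank.test"}}

def header_domain(msg, header):
    """Return the lowercased domain of the address in a header, or '' if absent."""
    _, addr = parseaddr(msg.get(header, ""))
    return addr.rpartition("@")[2].lower().rstrip(".")

def belongs_to(domain, trusted):
    """True only for a trusted domain or a subdomain of it (match on a label boundary)."""
    return any(domain == t or domain.endswith("." + t) for t in trusted)

def check_sender(raw_message, entity):
    """List the reasons the message should not be attributed to `entity`."""
    msg = message_from_string(raw_message)
    trusted = TRUSTED[entity]
    findings = []
    from_dom = header_domain(msg, "From")
    if not belongs_to(from_dom, trusted):
        findings.append(f"From domain {from_dom!r} does not belong to {entity}")
    # A reply that silently goes elsewhere is suspicious even if From looks right.
    reply_dom = header_domain(msg, "Reply-To")
    if reply_dom and not belongs_to(reply_dom, trusted):
        findings.append(f"Reply-To domain {reply_dom!r} does not belong to {entity}")
    return findings

# Constructed sample messages.
GENUINE = "From: Example Bank <notices@mail.examplebank.test>\nSubject: Statement\n\nBody"
# The trusted name appears at the START of the domain, which a quick glance can miss.
LOOKALIKE = ('From: "Example Bank" <alerts@examplebank.test.account-verify.test>\n'
             "Subject: Security alert\n\nBody")
REPLY_TRAP = ("From: Example Bank <notices@examplebank.test>\n"
              "Reply-To: support@examplebank-help.test\nSubject: Query\n\nBody")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("lookalike", LOOKALIKE),
                      ("reply-trap", REPLY_TRAP)]:
        print(name, check_sender(raw, "Example Bank") or "no findings")
```

A clean result here is not proof of authenticity, because the From header can be forged; confirming with the real entity, as the list recommends, still applies.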

We can help you. Contact us.

Business Adapter Legal Department
