The National Institute of Cybersecurity (INCIBE), an entity under the Ministry of Economic Affairs and Digital Transformation, has answered more than 67,000 queries during 2022 on its helpline 017 and its different contact channels WhatsApp, Telegram and web form.

Specifically, 44,331 were managed by telephone, 17,014 through chat channels and 5,977 by email.

017 is a free and confidential service, financed with European funds from the Recovery Plan, which is available from 8 in the morning to 11 at night, 365 days a year. It is managed by professionals who offer technical, psychosocial, and legal advice, depending on the subject of each query and aimed at companies and citizens, with special emphasis on minors. In 2023 this service will continue to increase its capacities to increase the number of beneficiaries it can reach daily.

Since this short cybersecurity help number was launched in February 2020, the service has answered more than 184,000 queries, of which more than 113,000 are from users concerned about their cybersecurity. Thus, an average of more than 1,295 weekly consultations has been reached throughout 2022. Half received preventive help (resolving doubts) and the other half reactive advice (they had already been victims of an incident), with a small proportion who contacted to receive information on cybersecurity.

Consultations of minors and their environment

Among minors and their environment (parents and educators), the growing concern for privacy and reputation on social networks and the Internet stands out (32.4%), online fraud (14%) and school cyberbullying (10.1%). The ranking is completed by: sexting, device protection, harmful content and parental mediation, among other topics.

On the other hand, almost half of the consultations (46%) were made by families, followed by adolescents between the ages of 12 and 18 (21%), and educators, with 11%. The rest of the doubts came from professionals in the field of minors and other groups.

Citizen inquiries

Among citizens, the three issues that most concerned them during 2022 have been: online fraud related mainly to phishing and smishing (19.1%), identity theft (11.8%) and other scams related to it (10 .9%). In addition, they complete the list: vishing (fraudulent calls), intrusion and privacy, among others.

Business inquiries

Companies used this service to ask questions about phishing, smishing or extortion (20.8%), Business Email Compromise, BEC, or CEO fraud (15.3%) and employee awareness and good practices in cybersecurity (12.5%). They complete the list of the most recurring issues: fraudulent calls, both extortion and scams; the ransomware-type cyberattack; impersonation in social networks and legal issues, among others.

Finally, 33% of the queries focused on professional services, followed to a lesser extent by retail (11%), industry (3%) and education (3%). Other sectors with concerns about cybersecurity were the administration, leisure, associations, health, wholesale trade, cybersecurity companies, logistics and construction.

The internet is a wonderful place, full of information, entertainment, research, but it can also be a dark place, rich in viruses, malware, fraudulent pages, and just like anything related to technology, these threats are changing, adapting, and improving all of the time, so it is important we are aware of threats, and, hopefully, avoid becoming the latest in a long list of victims.

Making sure we have a good, and up-to-date, virus package is crucial, but the safe use of devices with an internet connection is not limited to protecting yourself with antivirus software, we must also learn to identify certain tricks that proliferate on the Internet, always with the intention of taking over our personal data, our money, or both at the same time.

Hackers are constantly updating their attacks with the goal of achieving greater success. In Spain, the Internet User Security Office (OSI) regularly notifies every one of the latest threats that lie in wait for us, here are just some of the most recent.

Phishing (pronounced: fishing) is amongst the most common activities criminals use to try to steal money, or your identity, by getting you to reveal personal information — such as credit card numbers, bank information, or passwords — on websites that pretend to be legitimate. There are however other variations of this scam.

Vishing

What is Vishing?

Vishing, or “voice phishing”, is similar to phishing, in that the objective is to obtain personal details or bank details, but in this case, the contact is carried out over the telephone, using a real voice, deceiving the victim by impersonating a trusted third party.

Scammers call the victim posing as a recognised entity or organisation and persuade them to reveal private information.

What kind of messages do they send?

There are numerous different ways that this fraud is carried out, such as a person claiming to be an employee of your bank, who calls you claiming someone has made a suspicious charge to your card and they need to verify some information.

Sometimes, they call pretending to be from a retail outlet, such as a supermarket, to ask you to carry out a survey and they will reward you with a gift voucher, for which they ask for your card details to make the deposit.

What should you do against vishing?

Hang up the call and do not offer any information over the phone. Your real bank wouldn’t ask for them. If you have any doubts, contact the entity yourself, using contact details you already have, never details given to you by the caller to encourage you to check.

Smishing

What is Smishing?

In this variant of phishing, cybercriminals use text messages to mobile phones, the famous SMS, which is where the SM in smishing comes from, to send us an alarming message that encourages us to call a special rate number or access a link.

What kind of messages do they send?

They may notify us that our bank account has been blocked and, if we want to reactivate it, we have to click on a link that takes us to a web page similar to that of the bank.

Another common fraud is that the message tells you that the post office of courier company has a package has been retained at customs and we have to pay the fees on the linked website.

What should you do?

Be wary of this type of message and, if you think there is a real problem, call your bank or courier directly to verify it, again, using contact details that you already have.

Asking for money by WhatsApp

What does it consist of?

An unknown number sends a WhatsApp message to us, and despite the number being unknown, the message claims to be from a relative or friend who has had an emergency, often claiming that they have lost their original phone to justify the use of the unknown number.

What kind of messages do they send?

Your son or a good friend has lost his phone and urgently needs money.

What should you do?

Be suspicious of this kind of message. If it sounds plausible to you, it is best to call your contact, the person who is in trouble, and check that the story is true.

Social engineering

What does it consist of?

Digital thieves contact us through social networks and use a story to make us provide them with our data.

What kind of messages do they send?

A fake Instagram account notifies us that we have won a giveaway (in which we may have participated through a real account).

They tag us on Facebook so that we can participate in a survey in exchange for a gift for which we only have to pay the postage (they only want our data, the prize will never arrive).

A WhatsApp message links us to a draw for 5,000 flights if we answer a survey and then forward the message to a few contacts.

What should you do?

Do not cheerfully hand over your data to the first person who asks for it, even if it is on social networks and pretends to be a contact or company you know. If you have participated in an official raffle, always check who the sender of the message is and that the account that has contacted you is the authentic one.