What is it?

An attack through malware-infected USB devices that have been deliberately placed in a public place so that victims connect them to their computers.

How does it work?

You find a USB stick in the vicinity of your workplace or in any other public place and you are curious to know what it contains or who owns it. You connect it to your computer and this device, infected with malware, hijacks all the information you have stored on your computer.

How can I protect myself?

• If you find an external storage device in your workplace, hand it over to security personnel. Never connect a lost USB device to your computer.
• On your personal computer, install and keep an antivirus program up-to-date at all times.

What is it?

Malicious software incorporated in some programs and websites that, when run, damages the computer or manages to access the information stored on it.

How does it work?

You visit a website or download an application that has previously been infected with malicious advertising. After carrying out one of these actions, the malware would be installed on your hardware or device if you did not update your software or have an antivirus program installed and running.

How can I protect myself?

• Keep the software and applications on your computer and mobile device up-to-date at all times.
• Install an antivirus program and keep it updated as well.
• On your mobile device, only download applications from official stores: Google Play or App Store.
• Use tools to detect infected websites, such as Google Safe Browsing.

What is it?

A cyberattack through malicious attachments that, once downloaded by the victim, take control of their computer, hijacking and encrypting their documents.

How does it work?

You receive an email asking you to download an attachment that pretends to be an invoice, an official notification from some authority or some other type of document that you have supposedly requested.

Your operating system is not up-to-date and, furthermore, you do not have an antivirus or antimalware program installed, so when you download the infected file, the malware spreads through your computer and encrypts all the documents that you have hosted on it. The cybercriminals then ask you for money to restore access to your hardware and decrypt and return your information.

How can I protect myself?

• Make backup copies of your important files and store them outside of your computer.
• Keep the operating system on your devices up-to-date at all times.
• Install an antimalware program and keep it running.
• Use tools that reduce the risk of infection by this malware. NoScript is available in the Chrome Web Store and Firefox.
• Only download applications from official stores: Play Store and App Store.
• The authorities recommend never paying a ransom, since there is no guarantee of information recovery even if the payment is made.

SIM SWAP is a fraud technique that involves the fraudulent duplication of the victim's mobile phone SIM card by a criminal, who impersonates the victim's identity. Whilst the victim is left without telephone service, the criminal can access their personal information and takes control of their online banking using the verification SMS that is sent to their cell phone.

This technique is usually preceded by a Phishing or Vishing attack through which cybercriminals try to get the customer's username and password, which, together with the transaction authorization SMS, provides all the information needed for fraud purposes.

What is it?

Fraudulent messages (via WhatsApp or SMS) in which they impersonate known companies to request personal and private information from users.

How does it work?

You receive an urgent message about a promotion, a prize or a very attractive offer, and they ask you to call, reply to the message or click on the link included to get it.

Another variant of smishing is based on impersonating a bank to inform you that you must reactivate your account or verify/update information.

How can I protect myself?

• Do not visit web pages from links included in messages.
• Do not provide your private information if you receive such a message.
• Contact the bank that they claim to represent, via an official telephone number or channel, if you are unsure if a message is genuine.

What is it?

Spyware that is installed on users' computers when they download an infected attachment or install a program that contains this disguised software. It can collect private information from users, such as browsing habits, email addresses, passwords, bank details, etc.

How does it work?

You search the internet for a website to watch your favorite series. You find a one that looks good, but you are asked to download a video player, supposedly required to view it. You download it and, without you seeing any kind of effect or unusual behavior on your computer, this disguised player software starts collecting information about your activity on the internet, your computer's operating system, etc.

How can I protect myself?

• Don't download or install programs from websites you aren't completely sure about.
• Use an anti-spyware program; these tools perform a computer analysis to locate any such threat and, if it is infected, proceed to remove it.
• Always keep your computer's operating system and programs up-to-date.
• Activate the anti-spam filters of your email and do not download attachments from spam or any other email that is suspicious.

What is it?

A scam carried out through phone calls in which attackers usually pose as employees of a call center to obtain confidential data from users.

How does it work?

You receive a phone call from a supposed technician from a well-known company; for example, you are told that there has been an unusual transaction on one of your accounts or that your hardware has been infected, so they must access it remotely to solve the problem. After gaining access to your private information and documentation, you will be asked to make a bank payment as a sort of ransom, or the details of your credit card, claiming that you must pay a fee for the service provided.

How can I protect myself?

• Do not provide private information in received phone calls.
• Be wary of calls that are rushed and in which they ask for confidential information.
• As a general rule, do not call unknown numbers back.