How do you shop online securely?

Visiting trustworthy websites and being wary of emails with suspicious-looking links will mean a more secure online shopping experience.

Shopping online is quick, easy and convenient. Having immediate access to digital services has substantially improved our lives, but it has also meant the proliferation of a wide range of scams. It is important to keep abreast of the different types of Internet fraud we might fall victim to, as we will be better equipped to protect ourselves, and to follow a series of recommendations.

Below we explain the key points to make your online shopping experience as secure and pleasurable as possible.

Security tips for your online purchases

With some simple recommendations, you can significantly reduce the risk of falling victim to an online scam. Here are some of the most important:

• Be wary of unrealistic offers. Don’t blindly trust in e-commerce sites that attempt to sell products far below their market price. For example, if you find that €2,000 camera that you’ve had your eye on for a sale price of just €400, don’t be tempted, as it might just be a scam.

• Beware of offers that come to you by email, WhatsApp or other channels if you haven’t requested them. If it turns out to be a scam, it might inject a virus or malware in your device if you should happen to click on the links included in these messages. For example, if you click on an infected link, the criminal might then hack your account or steal your identity. If you do receive a suspicious message, we recommend ignoring it and deleting it immediately without clicking on the link it contains.  

• Keep informed to avoid falling victim to a ‘ghost’ company. Make sure that the e-commerce site you want to buy from has a telephone and a postal address which you can contact in case of problems.

• Read other users’ opinions. Be wary of e-commerce sites with 100% positive opinions and also those which you don’t find any information about on the Internet.

• Keep your antivirus updated. Always having an updated version of your antivirus is very important in online shopping, both on your computer and your phone. In this regard, it is also a good idea to have the operating systems on your devices updated to their latest version.

• Never make a purchase connected from a public Wi-Fi network. You should always make purchases from your own network or from places where you have the utmost trust in the person or institution which is providing the Wi-Fi connection you are operating through.

• Secure URLs. In e-commerce portals, it is crucial that there be a padlock in the browser bar. Click on the padlock and make sure that the address is written properly. 

Discover the keys to your most secure digital banking

Your bank card, a security guarantee

Along with these recommendations, your Banco Sabadell card is also a great ally for enhanced security in your online purchases.

Whenever you need to, you can deactivate your card from being able to make online payments. To deactivate this option, view “your cards” in the Banco Sabadell app, select the one you want to switch off, and in the bottom menu, within “Settings”, you will find the option “Do you want to use your card online?”. With a simple tap you can turn off this option and turn it back on when you want.

In shopping with EMV Chip, your PIN will be requested to reduce the risk of fraud, thanks to its cardholder validation system.

In contactless payments, we will ask for your PIN for purchases that exceed a predetermined amount.

You can adjust the limits on your card for purchases and cash withdrawals.

In the case of suspected loss or theft of your card, you can switch it off temporarily from the Banco Sabadell app. What’s more, if we detect certain unusual patterns or transactions, we will get in touch with you immediately.

Are you having trouble using your card for online purchases? Find out why at our help centre.

The CEO and Man In The Middle fraud are two of the most common phishing attacks, so here's how to avoid and detect them.

The CEO and Man In The Middle fraud are two of the most common phishing attacks, so here's how to avoid and detect them.The most common digital fraud in companies include those related to phishing, a type of cybercrime that consists of fraudulently acquiring confidential information, such as account passwords or bank card information. Within phishing, there are two new types that are becoming particularly popular among cybercriminals, especially in holiday seasons: the CEO and the Man In The Middle scam. 

This article explains what they are and offers a series of tips on how to avoid them.

What is CEO fraud? 

The CEO fraud is the use of an identity of someone with authority in a company, such as the chief financial officer (CFO) or chief executive officer (CEO), to try to defraud employees who have access to the company's accounts or other relevant assets. Using this fraud, the criminal tries to get money transferred or obtain confidential information from the organisation that can be used to his or her benefit.

One of the most common ways in which this CEO fraud occurs is through the registration of a company's website domain that is very similar to the real one. Then, the criminal sends an email to someone with a position of authority within the company, pretending to be someone in charge, asking them to urgently and confidentially send a certain amount of money to an account controlled by the cybercriminal.

What is the Man In The Middle fraud?

The Man In The Middle attack involves the criminal intercepting the communication between two people connected to a network. This allows them to obtain highly confidential information (such as bank details or the victim's physical address) that will later facilitate the phishing of either person, so that they can ask the CFO of the company to make a payment to them.

Typically, in a Man In The Middle fraud, criminals will use email address phishing of a company's suppliers to divert payments to a fraudulent account. It can also happen the other way round: spoofing a customer's email address to divert their charges to a fraudulent account. 

This may interest you: Check out the new online fraud attacks

Tips to avoid becoming a victim of a CEO or Man In The Middle phishing attack

In order to avoid becoming a victim of a cyberattack, the most important recommendation is to be cautious. If you have any doubts about a request you receive informing you of a new subscription account, the best thing to do is not to trust it. Remember that Banco Sabadell will never request confidential data from you by text message, email or phone call, nor will we request that you transfer your funds to a secure account.

In addition, we recommend that you follow other tips to minimise the chance of suffering any of these frauds, such as:

• First, always check email addresses, paying special attention to any differences that you may notice in the email.

• Check by a different method other than email (such as the bank's app) any change in the direct debit of a payment suddenly and without prior warning.

• So, if you receive an email informing you that there has been a change in the account to which a payment has been sent, you will usually receive a simultaneous phone call from the impersonator to confirm the fraudulent activity. Never trust any such call and always check the authenticity of the exchange by contacting the supplier on the telephone number originally given to you.

• The first time you make a transaction with a new supplier, always confirm that the details of the payee and the bank address for payment are identical to those included in the previously established contract or on the order form and that there are no changes.

• Remember never to share your passwords or your company's passwords with anyone so as not to allow them to be compromised. 

• It is crucial to inform a company's employees about the possible fraudulent activity that they may be exposed to, especially in relation to being cautious when they are required to make a payment.

• And it is important for any company to implement internal protocols for verifying payment requests received by telephone or email. 

This may interest you: How to increase the cybersecurity of any online transaction

If you have any queries, Banco Sabadell has a customer service team at your disposal 24x7 on 963 085 000.

Photograph by Andrea Piacquadio on Pexels.

There are countless Internet scams out there, but you can reduce your chances of falling victim to one if you follow certain guidelines.

Although there is a plethora of cyberthreats on the Internet, knowing the most common ones is essential to keep alert and aim to avoid them. Below we analyse the most common online scams and give you some recommendations to reduce your chances of falling victim to one of them.

What are the most common online scams

Although there is a wide variety of online scams, these are the most frequent:

• Phishing. This is a type of computer crime that features the attempt to fraudulently acquire confidential information, such as the password to your bank accounts or detailed information on your credit cards. The cybercriminal impersonates a bank or a company and, abusing the user’s trust, asks them for their account password or card PIN number.

• Smishing. This is a variant on phishing where the fraudsters try to impersonate a bank, company or institution using SMS. Generally, the message asks the victim to call a special billing number or access a link to a fake website using a false pretext. If the recipients opens the link, the cybercriminal may infect their device or access sensitive information.

• Vishing. The aim here is to steal the victim’s bank data or make financial transactions. This is a phone scam in which the criminal calls and pretends to be from a company, organisation or trustworthy person in order to obtain personal and sensitive information from the victim. In these calls, the victim is sometimes informed of a transaction and they are requested to download an application to authorise it or they are informed of attempted fraudulent operations and requested to make a transfer to keep their money safe.

Important: remember that Banco Sabadell will never request confidential data from you by text message, email or phone call, nor will we request that you transfer your funds to a secure account.

This may interest you: Check out the new online fraud attacks

How to avoid online scams

Each of us can take certain actions to enhance our level of security and avoid falling victim to an online scam. Some of the more important are:

• Periodically updating your card PIN and password to access your remote banking. Regularly change your passwords and use a different one for each of your accounts, making sure they are as strong as possible (for example, creating passwords at least 8 digits long that include upper and lower-case letters, numbers and special characters). Remember never to physically write down the passwords anywhere or share them with anyone.

• Never give out your username or password. Never share your passwords with anyone else to prevent them from being compromised. Banco Sabadell will never ask you for this information. For this reason, do not share any password or confidential data, such as transaction keys or card details (PIN, CVV or numbering), even if the sending party identifies itself as Banco Sabadell.

• Keep a close eye on your security. Always check the information on the most recent login to your online banking on the Banco Sabadell website. Remember to always use email in secure mode and distrust those emails that come from unfamiliar sites or those containing incoherent information. Also avoid entering your passwords and or opening a session in your online banking on public computers.

• Always keep your devices updated. Keep both your mobile phone’s operating system and apps updated. Also remember not to install apps from unknown sources and use official and certified sites, such as Google Play Store or the App Store. Install an antivirus program on your computer and your mobile phone.

• Always browse on secure websites. When using the Internet, make sure that the websites you connect to are: https:// and not http://. Look carefully at the address and if it begins with https, it will have a padlock. When you click on the padlock, check that the address is written properly.

If you have any queries, Banco Sabadell has a customer service team at your disposal 24x7 on 963 085 000.