The summer season in Spain traditionally sees an increase in online bookings and active use of mobile devices. It is during this period that cybercriminals intensify their attacks, using phishing to obtain citizens’ personal and financial information.
Phishing is a type of online fraud in which attackers pose as well-known companies or organizations to trick users into revealing confidential information. Most often, victims receive an email, SMS, or messenger message asking them to click a link and enter their details on a fake site that appears identical to the real one.
During the summer, the number of such attacks rises. The reason is simple: people use the internet more often outside their homes, rush to book accommodation or tickets, and do not always carefully check information sources. Scammers take advantage of this by sending tempting offers, urgent notifications, and fake promotions to create a sense of urgency and push victims into making hasty decisions.
Fake booking websites and apps are especially dangerous. Even experienced users may not notice the deception if they are in a hurry or distracted. Experts recommend downloading apps only from official stores, carefully reading reviews, and checking the permissions requested by the application.
The Spanish Data Protection Agency (Agencia Española de Protección de Datos, AEPD) highlights several key rules to help avoid phishing when booking online:
— Do not respond to messages containing threats or urgent requests for action. Scammers often use phrases like “your account will be blocked” or “only one room left.”
— Do not share personal or banking information without verifying the authenticity of the request. Contact the company directly via their official website or by phone.
— Check sender addresses and links. Even if the message appears to come from a familiar name, scrutinize the details carefully. Use antivirus software and keep it regularly updated.
— Remember that banks and major services never request passwords or access codes via email or messaging.
— Pay attention to the language used: mistakes, awkward phrasing, and generic greetings can indicate a scam.
If you have fallen victim to phishing, experts from the National Institute of Cybersecurity (INCIBE) recommend immediately changing passwords on all services where you used the same combination and contacting your bank to block suspicious transactions. You should also check whether your data is being used without your knowledge and perform a full scan of your device for malicious software.
If your personal data has been misused, you can file a complaint with the AEPD. The agency’s website provides user rights protection guidelines, including how to delete or correct information.
It is important to remember that phishing is not the only threat. There are other types of fraud as well: SMS phishing (smishing), phone calls aimed at stealing personal information (vishing), as well as more sophisticated schemes, such as silently redirecting users to fake websites (pharming) or targeting specific individuals using personalized information (spear phishing).
In recent years, Spanish courts have increasingly sided with phishing victims. Recent rulings confirm: if the client acted in good faith and the bank cannot prove otherwise, the financial institution is required to compensate for the losses. This provides additional legal protection for citizens affected by cybercriminals.
Summer vacations should not be marred by financial losses and stress. Following simple digital security rules will help you avoid unpleasant situations and keep your data safe.
