Operating safely online is a priority because the internet has become an indispensable tool in our lives. Every day we connect, search for information, and access public and private products and services. The internet is part of our daily lives and influences how we act and even think much more than we realize.
That is why combating cybercrime has gone from being a necessity to an obligation, whether we are individuals or work in companies, institutions, or governments. We all have the responsibility to prevent it: companies and authorities must invest in protection and strengthen collaboration among all involved parties, and individuals must also assume responsibility for protecting their own data and resorting to reliable sources for advice and acting with caution.
Just as we tend to think that cyberattacks happen to others, we also believe that we will never suffer online scams. However, we are all exposed and must be alert. Not only for our own good, but also for that of our environment. Apart from the financial consequences that cyberattacks and scams can bring, they can impact our close environment and represent a blow to everyone’s security and trust.
With this goal of raising awareness for prevention, we congratulate the guide published by the CNMV on scams and fraud. In its introduction, it defines financial fraud as an action carried out by a person or company that causes harm to a third party through deception and with intent to profit. And although there are many types of financial scams and fraud, all have been amplified by the digital transformation of society.
The types of deception described in the guide are well-known age-old practices: promises of substantial gains, infallible investment methods or impossible solutions to economic and financial problems, and short-term offers. Although different, they all share a common factor: they offer high future profitability, far beyond what exists in the economic context, in exchange for delivering initial capital to the supposed expert or unauthorized entity offering this type of service.
The terms ‘chiringuito financiero’ (financial shacks) or ‘pirate entities’ informally define those entities that offer and provide investment services without being authorized to do so. These are fraudsters who can use the same commercial channels as any legitimate entity: telephone, email, websites, and social media, among others. While companies and entities providing investment services are registered and subject to the rules governing securities markets and strict controls by supervisory bodies, these ‘financial shacks’ operate outside the law.
Cooperation, especially public-private cooperation, is key to combating cybercrime in all its forms. With this conviction, the Spanish Banking Association (AEB) signed the general protocol of the Action Plan against Financial Fraud a few months ago to promote and improve the prevention and fight against the offering of potentially fraudulent products and services, which cause serious harm to investors and the entire regulated financial sector.
Through this Plan, promoted by the National Securities Market Commission (CNMV), measures are articulated to reduce the capacity for action and expansion of financial fraud attempts, restrict the advertising of activities to attract new victims, and provide financial service clients with the necessary tools and knowledge to avoid becoming a victim. The published guide is a good example.
Cybersecurity is fundamental for banks, which employ all means at their disposal to guarantee the security of their clients and face the risks that will surely appear in the future. Entities are prepared to detect and prevent financial fraud, and their channels are secure for operations: official websites, applications, and telephone banking. However, it is always necessary to access them directly and be wary of communications or notices received via instant messaging channels, social media, SMS, or calls from phones that, even if they appear official, are not.
No authorized financial institution will ever ask its clients for personal information or full passwords. They already have this data and under no circumstances need to request it, much less through such unconfidential means as email or telephone. Prudence and common sense are our best allies in the fight against cybercriminals.
José Luis Martínez Campuzano, Spokesperson for the Spanish Banking Association
