CSIRT-CAN – Centro de Respuesta a Incidentes de Seguridad de Canarias

Blog Lists

Social Media Privacy: How to Control Your Privacy to Protect Yourself

Sharing too much information about our lives on social media puts our privacy at risk. Even if we think that sharing images or videos of our lives doesn't expose us, it can actually pose a risk.

Here are some of the mistakes users make:

1. Real-time location. Photos, stories, and check-ins reveal where you are and your routines.
2. Personal data. Date of birth, phone number, email, or school.
3. Habits and routines. Schedules, trips, frequented places.
4. Work information. Position, company, projects, or tools you use.
5. Photo metadata. Some images include technical data such as location or device.
6. Contacts and relationships. Who are your friends, family, or coworkers?

How to configure privacy correctly

1. Review profile visibility. Limit posts to friends or contacts only.
2. Control who can contact you. Filter messages and requests.
3. Turn off automatic location sharing. Prevent unnecessarily sharing your location.
4. Review app permissions. Many apps access your profile and data.
5. Hide sensitive information. Phone number, email, and date of birth.
6. Review past posts. Delete or restrict past content.
7. Use two-factor authentication (2FA). Protect your account, even if your password is stolen.

Public Wi-Fi: The Risks of Unprotected Connections

Public Wi-Fi networks are convenient, but they are not secure. Connecting without protection can put your personal and professional information at risk. Below we explain the main risks of public connections and how to protect yourself.

Main risks:

1. Data interception. An attacker can spy on your communication and steal passwords or personal information.
2. Fake Wi-Fi networks. Some networks mimic legitimate names to deceive users.
3. Credential theft. Fake forms or pages can capture usernames and passwords.
4. Access to device files. On poorly configured networks, other users can view or access your device.
5. Malware infection. Malicious downloads or redirects can install harmful software.

Recommended protections:

1. Use a VPN. Encrypts the connection and protects your data.
2. Avoid accessing sensitive accounts. Do not access online banking or critical services.
3. Check that websites use HTTPS. Ensures the connection is encrypted.
4. Disable automatic connections. Prevents your device from automatically connecting to unknown networks.
5. Keep your system updated. Reduces exploitable vulnerabilities.
6. Disable file sharing. Prevents unauthorized access.

Social Engineering: How to Manipulate the Population

Technology can protect you, but social engineering is a powerful strategy for attacking and dominating social groups. The best defense against these threats is information, so let's clearly explain what this phenomenon is.

Social engineering consists of psychological manipulation techniques used to deceive people and obtain information, access, or money. Identity theft, fake calls, and phone scams are some of the best-known methods.

Most common techniques

1. Fake calls. They impersonate banks, technical support, or companies.
2. Identity theft. They impersonate colleagues, bosses, or technicians.
3. In-person deception. Physical access to offices by pretending to be authorized personnel.
4. Urgency and pressure. Act now or you will lose access.
5. False authority. They present themselves as a figure of power.
6. Trust and closeness. They create bonds to manipulate.

The attackers' objectives are varied: stealing passwords, obtaining personal data, accessing systems, acquiring money, and installing malware.

How can you protect yourself from these actions?

1. Verify identities
2. Be wary of urgency
3. Do not share sensitive information
4. Cybersecurity training
5. Clear protocols in companies
6. Report suspicious attempts

When should we suspect a possible threat?

Attackers usually contact us with unexpected requests and alarmist language. This is intended to alert the victim and force them to think quickly, without considering the veracity of the information.

If we listen carefully to the information they transmit, we will discover that there are errors in the information and requests for access to unnecessary payments. In this way, the victim could report the attacker, and the authorities would track down these criminal

Brushing: The New Mail-Order Package Scam

Brushing scams are a type of e-commerce fraud in which a seller sends a package to a seemingly random person's address. The item is usually of low value, and it's not an altruistic gesture. It's actually an attempt by the seller to fraudulently inflate the product's rating on online sales platforms.

Here's how it works:

• The scammer obtains a list of names and postal addresses. They can get these from cybercrime forums or through people search sites. They can even gather this information from public sources.
• They create a fake buyer account on an e-commerce platform where they sell their products. With this account, they "buy" their own product and send the item to the victim's address.
• Using the fake account, they post a 5-star review, boosting (or "brushing up") the product's reputation and visibility.

The victim usually first becomes aware of the fraud when they receive the unsolicited package.

Why would anyone care about receiving free products in the mail, even if they're cheap and lightweight?

On the one hand, being targeted by a brushing scam could indicate that your personal data is being shared in the world of cybercrime.

On the other hand, scammers might be verifying your data to move on to a second phase, which involves more serious identity fraud.

There are also more dangerous versions that include a QR code inside the package you receive. Scanning it will likely take you to a malicious or phishing site designed to install malware or trick you into sharing more personal information.

Finally, there's an indirect cost associated with these scams: they slowly and silently erode the trust consumers place in e-commerce platform review systems.

How can you tell if you've been a victim?

It shouldn't be too difficult to figure out if you've been targeted by a brushing scam. If you receive a low-value, poor-quality item in the mail that you don't remember buying, that's an immediate red flag. A vague or missing return address, and the presence of a possible QR code inside the package, are also red flags.

To be sure, check your emails and accounts on e-commerce platforms or marketplaces, looking for recent purchases. It's also worth checking your bank accounts and credit reports for suspicious activity, as scammers may have moved on to the next stage of the fraud.

What to do if you receive a package?

If you receive something in the mail that you don't remember ordering, minimize the risk by following these steps:

• Confirm that it's not a gift by asking family, friends, or other people in your household if they've ordered anything in your name recently.
• Do not scan any QR codes that may be inside the package.
• Check that no money has been withdrawn from your bank account and that no new lines of credit have been opened in your name.
• Activate multi-factor authentication (MFA) on your bank and credit card accounts.
• Enable MFA on all your online shopping accounts and email.
• Report the fraud to the relevant platform (e.g., Amazon). Most have a specific section for reporting brushing scams.
• Don't try to return the item to the sender. It's yours to keep, if you want.

How to protect yourself from brushing scams?

There are steps you can take to reduce the likelihood of becoming a target of this type of fraud. It all comes down to what personal data is accessible to scammers.

It's true that there's little you can do if a company you interact with suffers a data breach and exposes your information. However, there are identity protection services that scan the dark web for potentially compromised data.

Since scammers also obtain data from the public web, it's important to adopt good privacy habits:

• Minimize what you share on social media.
• Configure your accounts so that only your contacts can see your posts.
• Remove personal data such as address, date of birth, and phone number.

Finally, reduce the possibility of your data being obtained through information brokers by unsubscribing from sites like BeenVerified, Spokeo, and TruthFinder. It requires some effort, and you'll need to repeat the process every few months, but it's worth it. Mitigating this risk isn't a one-time task; it demands continuous vigilance over your digital world. Ultimately, it's the price we pay for access to the services we enjoy.

Phishing: The Most Profitable Tax Fraud Technique for Cybercriminals

Phishing is a digital fraud technique in which an attacker impersonates a trusted entity to deceive a victim and obtain compromising information that facilitates the theft of private data, such as bank details, and thus access accounts or systems.

These scams occur on websites that impersonate trusted companies, assume the identity of a loved one you trust, and sometimes even impersonate institutional sources, such as the DGT (Spanish Directorate General of Traffic) or the Ministry of Finance.

These are the key points to keep in mind to prevent it:

1. Verify senders and links
   • Carefully review the sender's email.
   • Hover your cursor over links before clicking to check if they lead to a suspicious site.
2. Do not share sensitive information
   • No legitimate institution requests passwords or bank details via email or text message.
3. Enable two-factor authentication (2FA)
   • Adds an extra layer of security even if your credentials are compromised.
4. Keep software and devices updated
   • Updates fix vulnerabilities that can be exploited.
5. Use spam filters and security tools
   • Modern browsers and antivirus software automatically detect suspicious pages and emails.
6. Training and awareness
   • Especially in businesses: train users to identify phishing signs.
7. Verify urgent or alarmist requests
   • Attackers often use pressure tactics ("your account will be blocked").
   • Confirm through another official channel before taking any action.
8. Check the website URL and certificate
   • Make sure it starts with https and that the domain is correct.

Following these practices will help us all coexist in a safer digital ecosystem.

What is CSIRT-CAN?

The CSIRT-CAN (Canary Islands Security Incident Response Center) is an entity dedicated to the protection and resilience of digital infrastructures in the Canary Islands. Our center specializes in the detection, analysis, and mitigation of cybersecurity incidents, providing technical and strategic support to public and private organizations.


What do we do for you?

CSIRT-CAN offers various services for the prevention and prompt resolution of cybersecurity-related incidents.
