{"id":3326,"date":"2025-09-05T09:51:05","date_gmt":"2025-09-05T07:51:05","guid":{"rendered":"https:\/\/trustlab.upct.es\/?p=3326"},"modified":"2025-09-23T10:04:31","modified_gmt":"2025-09-23T08:04:31","slug":"how-to-identify-and-avoid-online-scams-in-2025","status":"publish","type":"post","link":"https:\/\/trustlab.upct.es\/en\/2025\/09\/05\/how-to-identify-and-avoid-online-scams-in-2025\/","title":{"rendered":"How to identify and avoid online scams in 2025"},"content":{"rendered":"\t\t
\n\t\t\t\t
\n\t\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

The internet is fantastic\u2026 until an urgent message with an \u201cirresistible\u201d link pops up. I\u2019ve seen it a thousand times: tax refunds from the tax office (\u201cHacienda\u201d), held packages, \u201cguaranteed\u201d investments. That\u2019s why we\u2019ve prepared this practical 2025 guide: you\u2019ll learn how to spot and avoid online scams in minutes, with clear signals, examples, and a step-by-step plan if you already shared any data. My mantra is simple: share only what\u2019s necessary, don\u2019t click through links, use unique passwords, and enable two-factor authentication. Let\u2019s make prudence a habit.<\/p><\/div><\/div><\/div><\/div><\/div><\/div><\/article>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

\n\t\t\t\t
\n\t\t\t\t\t

Universal signs of a digital scam (and how to confirm them safely)<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
\n\t\t\t\t
\n\t\t\t\t\t\t\t\t\t

Quick checklist (what I always check):<\/p>

  • Artificial urgency: \u201cclick now,\u201d \u201cfinal notice,\u201d \u201cimmediate refund.\u201d<\/p><\/li>

  • Unreal promises or threats: magic prizes, account blocks, fines if you don\u2019t pay.<\/p><\/li>

  • Brand\/agency impersonation: copied logos, odd domains, spelling mistakes.<\/p><\/li>

  • Requests for sensitive data or money over insecure channels.<\/p><\/li><\/ul>

    How I confirm in 30 seconds (without risking it):<\/p>

    • I don\u2019t use the links. If it claims to be from the bank, the Spanish Tax Agency (AEAT), or Correos, I open the official app or type the website by hand. \u201cIf it looks like it\u2019s from the bank or the tax office, I don\u2019t touch the link: I go to the official website or app.\u201d (exactly like that). AEAT\u2019s own guides stress typing the address and checking the certificate.<\/p><\/li>

    • I check the domain and the padlock (valid certificate) before entering any data. AEAT emphasizes this on its online portal.<\/p><\/li>

    • I distrust unexpected attachments\/surveys with prizes. AEAT and INCIBE recommend not opening and not responding to unsolicited messages.<\/p><\/li><\/ul><\/div><\/div><\/div><\/div><\/div><\/div><\/article><\/div><\/div><\/div><\/div>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

      \n\t\t\t\t
      \n\t\t\t\t\t

      Email and messaging: phishing, smishing, and vishing without taking the bait.<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
      \n\t\t\t\t
      \n\t\t\t\t\t\t\t\t\t

      Scammers \u201cfish\u201d via email, SMS, and phone calls. The recipe to shield yourself is boring\u2026 and effective:<\/p>

      • Don\u2019t reply to or share data in unsolicited messages. Delete and block. (Explicit recommendation from INCIBE and AEAT).<\/p><\/li>

      • Keep your OS, browser, and antivirus up to date; this reduces vulnerabilities and filters spam. (Best practices reinforced by the FTC\/INCIBE).<\/p><\/li>

      • Enable 2FA (two-step verification) on email, social media, and banking. \u201cTwo-step verification is my daily armor.\u201d<\/p><\/li><\/ul>

        Common examples in Spain (and how I verify):<\/p>

        • Banks: \u201csuspicious activity\u201d \u2192 I log in through the app or call the number on the official website.<\/p><\/li>

        • AEAT: \u201ctax refund\u201d with a shortened link \u2192 the Agency won\u2019t ask for credentials by email\/SMS; go to the Electronic Office by typing the address and check the certificate.<\/p><\/li>

        • Correos\/parcel services: \u201cpay \u20ac1.79 in fees\u201d \u2192 I track the shipment from the official website without using the SMS link.<\/p><\/li><\/ul>

          \u201cPrivacy comes first: I share only what\u2019s necessary\u2014and thoughtfully.\u201d The less data you expose, the fewer darts can hit you.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

          \n\t\t\t\t
          \n\t\t\t\t\t

          Social media and marketplaces: \u201ctoo good to be true\u201d deals and trap profiles.\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
          \n\t\t\t\t
          \n\t\t\t\t\t\t\t\t\t

          This is where haste and excitement work against you:<\/p>

          • Wallapop\/Vinted\/Marketplace: be wary of \u201cprepayments,\u201d off-platform shipping, and profiles with no history. If they pressure you with \u201clast unit\u201d or \u201canother buyer already paid,\u201d that\u2019s a bad sign.<\/p><\/li>

          • WhatsApp\/Instagram: watch for impersonation (friends\/celebrities), fake giveaways, and requests for SMS codes (that\u2019s how they steal your account). Enable a PIN on WhatsApp and never share your screen with strangers. (Recent alerts from law enforcement\/INCIBE highlight this vector).<\/p><\/li><\/ul>

            \u201cIn Spain, I\u2019m skeptical of AEAT tax refunds, marketplace \u2018bargains,\u2019 and urgent Bizum messages.\u201d That mantra saves me a lot of trouble.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

            \n\t\t\t\t
            \n\t\t\t\t\t

            Investment, crypto, and \u201ctech support\u201d: the costliest scams (and how to cut them off in time)\n<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
            \n\t\t\t\t
            \n\t\t\t\t\t\t\t\t\t

            Seven red flags before investing a single euro:<\/strong><\/p>

            • \u201cGuaranteed\u201d returns.<\/p><\/li>

            • Pressure to deposit today so you don\u2019t \u201cmiss the train.\u201d<\/p><\/li>

            • No regulatory documentation or supervised entity.<\/p><\/li>

            • They contact you via social media and ask to \u201ctake it off-platform.\u201d<\/p><\/li>

            • They won\u2019t accept traceable transfers; they prefer crypto or vouchers.<\/p><\/li>

            • They ask you to install remote-control software.<\/p><\/li>

            • No verifiable address or customer support.<\/p><\/li><\/ul>

              Fake tech support:<\/strong> calls claiming to be from Microsoft\/your bank to \u201cclean a virus\u201d or \u201csecure your account.\u201d Hang up, contact the official number yourself, and never install apps or grant remote access.<\/p>

              \u201cI use long, unique passwords; my password manager is my lifeline.\u201d Avoid reusing credentials across banking, email, and crypto.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

              \n\t\t\t\t
              \n\t\t\t\t\t

              Already took the bait? Act within minutes: passwords, bank, report, and recovery<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
              \n\t\t\t\t
              \n\t\t\t\t\t\t\t\t\t

                1. Change critical passwords and sign out on all devices.<\/p><\/li><\/ol>

                  • Contact your bank to block cards and transactions, and monitor activity. (INCIBE lists this as a top priority.)<\/p><\/li>

                  • Scan your device if you opened attachments or installed anything.<\/p><\/li>

                  • Monitor your footprint (search your name\/email online) and exercise your rights if your data is circulating without consent.<\/p><\/li>

                  • Alert your contacts if your account was stolen to stop the domino effect.<\/p><\/li><\/ul>

                    Reporting in Spain (official channels):<\/p>

                    • National Police (at a station and via online information channels).<\/p><\/li>

                    • Guardia Civil (electronic headquarters and in-person assistance).<\/p><\/li><\/ul><\/div><\/div><\/div><\/div><\/div><\/div><\/li><\/ol>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

                      \n\t\t\t\t
                      \n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\"\"\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t
                      \n\t\t\t\t\t
                      \n\t\t\t\t
                      \n\t\t\t\t
                      \n\t\t\t\t\t

                      Conclusion<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t
                      \n\t\t\t\t
                      \n\t\t\t\t\t\t\t\t\t

                      The key to staying safe is turning caution into a routine: don\u2019t click links, verify domains, use 2FA and unique passwords with a manager, and keep your devices up to date. With more than a thousand cyber scams a day in Spain, every small barrier helps. And if something smells off, stop and verify through official channels.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t

                      \n\t\t\t\t
                      \n\t\t\t\t\t\r\n
                      \r\n