Your best weapons against malicious activity and online fraud are awareness and caution. Always check sources of information and take precautions when making online payments or transferring funds to someone else.

When shopping in an online store, it is important to follow several important principles:

-        Use trusted and verified online stores

-        When shopping at new online stores that you haven´t used previously, do a preliminary research on the related information and reviews.

-        Be extra careful with unrealistically high discounts or suspiciously big sales.

-        When registering in online stores, use a different email address, user name and password. When shopping online, do not use the email you are registering with for online banking or other important websites.

-        Avoid shopping online through unprotected public Wi-Fi networks, where a secure Internet connection cannot be guaranteed.

Do not save your bank card details on online shopping forms and user profiles in online stores. Although this may be convenient for the user, it carries many risks to your financial information.

Maintaining and updating the software used is an important part of its proper ing and correct protection. Software developers update their applications regularly and installing those updates on the devices in a timely manner reduces the risks of malicious activity being successful.

Strong passwords reduce the risks of being easily “guessed” by cybercriminals. Strong passwords contain upper and lower case letters, numbers and special characters, and are longer. An alternative to strong passwords are the so-called pass-phrases. Phraseological expressions that are easy to remember and contain a combination of words or short sentences, written in a certain way with which only the user is familiar.

The use of an additional transaction confirmation mechanism is strongly recommended wherever this option is available.

There are different types of attacks targeting human nature and the psychology of the user behind the device (smart phone, tablet, computer). These attacks are targeting not so much to breach the security of the actual device, as to trick the user and thereby gain access to their data such as credit or debit card numbers, PIN code, username and password, etc. These attacks are commonly known as Phishing. The difference in names comes from the channel used for the attack:

-        Phishing - an attack using e-mail as a means of obtaining sensitive information. It is usually random and fairly easy to recognise.

-        Smishing - an attack using mobile SMS as a means of obtaining sensitive information.

-        Vishing - an attack using a voice call (Voice) as a means of obtaining sensitive information.

-        Spear phishing - a phishing attack targeting specific user groups. The attack is well prepared and targets user groups that present common characteristics.

-        Whaling - a phishing attack targeted at senior-level position employees or system administrators (from the English term “whale”).

Business Email Compromise (BEC) or CEO Fraud is a phishing attack targeting the top level executive roles in an organization. The purpose is to mislead people who would normally be authorised to order or confirm large cash payments or money transfers. In this way a “fake” manager or director can deceive them into making payments.