• Choose a different username and password. Do not repeat codes or use the same passwords for maximum and minimum security systems.
• Change your usernames, passwords and PINs frequently.
• Make sure that the username and password include numbers and letters.
• Avoid using names, dates or things associated with your person.
• Do not use PIN numbers that can be inferred. Avoid using, for example, PIN numbers with a sequence of consecutive numbers, the same number, birth dates, telephone numbers or numbers that are related to you or your activity (National ID Number, Tax ID Number, etc.).
• Never write down passwords on a piece of paper, the computer or or on any physical or electronic document.
• Never reveal your passwords. ARQUIA will never ask you over the phone or by email for any financial information, access passwords, card numbers or personal keys (PIN).
• Avoid anyone from seeing your passwords when you enter them.
• Avoid entering passwords into public computers or computers that you do not fully trust. If in doubt, it is better to not enter passwords than regretting it.
  
  

• Keep your operating system updated in terms of the version and security patches. Check that you have an updated and active antivirus. It is advisable that you have a firewall and anti-spyware software installed.
• Set your equipment correctly to avoid any non-authorised access by third parties, such as: activate protection via password, set the most restrictive options on your web browser and e-mail software, set instant messaging programs to not allow receiving files from other users, constantly update your software (operating system, antivirus, etc.) with the latest versions and updates from the manufacturer, etc.
• Avoid sharing files or printers with others and opening email messages from unknown sources. If you have to, it is preferable to delete any sensitive data.
• Frequently make backups.
• Block or turn off the computer when not in use.
• Make sure that the installed programmes are from a reliable source.
  
  

• Keep your browser updated in terms of the version and security patches.
• Deactivate the autofill option.
• Frequently check the visited pages using your browser's "History" option.
• Avoid downloading from unknown websites and do not execute programmes that download automatically without being requested.
• Be careful and cautious when visiting new websites.
  
  

• Check the validity of the VeriSign certificate, which is an entity that certifies that the domain and address you are accessing corresponds to the company.
• Deactivate the save password and autofill options in your browser when connecting to a company or service.
• Check the date and time of last connection. If it shows a connection on a date or time that you do not remember, change your username and password as a security measure and inform ARQUIA.
• Disconnect from websites in secure environments by clicking on the disconnect button.
• When using a public or shared computer, remember the basic security measures: sign out completely, clear the cache, etc.
  
  

• Pay special attention to websites that ask for your personal details and avoid providing information such as credit card numbers, bank account numbers, etc.
• The details requested when registering on a website should be related to the service that the site will provide; avoid giving information that can be provided to third parties for fraudulent purposes.
• Remain anonymous with respect to providing personal and professional details when asked to fill in a form on a website.
• Provide actual data only when essential to receive a service (e.g. purchasing a product or receiving a package by regular mail).
• Use your credit or debit card only in stores you trust.
• Do not enter your credit card number in websites asking you for it to check your legal age.
• Never provide your PIN nor more personal details than those necessary.
• Always verify that the information being sent is encrypted, that the URL on your browser starts with “https://” instead of “http://”.
• Check that the charges received correspond to the purchases made.
  
  

Phishing involves sending emails that appear to come from reliable sources (such as banks) and that try to get users to reveal confidential banking by means of a link that sends you to false or fraudulent websites. This way the user, believing to be in a totally reliable site, enters the requested information (user, passwords, Visa card No., PIN No., etc.) which will really end up in the hands of a fraudster. The fraudulent website is usually identical to the original site, with the same Legal Notices and even links that go to real websites.

The method employed is sending a mass delivery of emails with the aim of users connecting to their fraudulent website through a link included in this email. This email will ask for your personal and financial details, and once these have been acquired, they redirect the trusting user to the genuine website.

If for whatever reason you suspect or have sent this information at any given time, change your password from your “Personal area” in Digital Banking and contact your branch or inform us through the contact form.

In the event of receiving a Phishing-type message do not provide any details and, if is related to ARQUIA, please notify us immediately through the contact form.

Usually, by checking your email carefully you can detect if it is a fraud attempt by means of phishing.

ARQUIA will never ask you for information about your access passwords, keys or PINs. Always suspect this type of situations. If in doubt, go to your branch, use the contact form or phone our customer services and inform us.

The best procedure to authenticate the identity of a website is to use digital certificates.

To inform you about the access to your accounts, at the top of Arquia Red we will display information about the last connection to the system, both in terms of access and use of services.

If you suspect that anybody knows any of your access passwords, keys, PINs or Operating codes contact your branch so they can provide you new ones. Remember that only you must know them and keep them safely.

• If when using an instant messaging programme you are requested to create a nick equivalent to an email address, you must not provide personal details directly or indirectly.
• Do not provide your nick to strangers and avoid them from appearing on public lists or areas.
• Activate a barrier mechanism against undesired instant messages.
• Do not execute or open files received from strangers. If receiving messages from known users, analyse them with an antivirus.
• Be careful when contracting an instant messaging system, since usually the nick is linked to the email address. In this case the possibilities of receiving spam and social engineering attacks will increase.
• Do not provide important personal information and in chats not even basic personal information.
• Only communicate with people you know.
• Do not activate the "start session automatically" feature when using shared or public equipment, as other users may use your nick to connect themselves.
• In chats respect the terms and conditions, codes of conduct and privacy policies. Do not start a conversation session without being aware of the aforementioned.
• Make sure that there is a supervisor or moderator in chat rooms that will be used by minors.
  
  

• Be accompanied by a responsible adult whenever connected to the Internet.
• Have an updated antivirus programme active.
• Create a customised, restricted and highly protected access environment when connecting to the computer and the Internet. Minors are much more vulnerable than adults before an attacker or intruder.
• Educate minors and explain them the advantages and the risks of using the Internet. Teach them not to share or provide personal information, and much less to strangers.
• Configure the browser using the most restrictive options and with the highest security level possible. The web browser must allow filtering websites with unsuitable content. If it does not have this feature, a specialised software must be acquired for this purpose.
• The web browser, or any other additional software, must allow the persons responsible of the minor to query the visited websites and a list of people contacted.
• Install programs or tools that block the appearance of pop-up windows, especially so no unsuitable content is displayed or any personal data is collected.
• Minors should only access a series of websites authorised by their parents, tutors or persons responsible, and these websites should have been visited by these.
• When a website collects personal details, minors should be suitably informed. Adults should always be aware of this when deciding whether to authorise or not a minor to visit a specific website or web portal.
• Minors should not have an exclusive email account, but should share it with their parents, tutors or persons responsible.
• Enable an anti-spam tool when using email. Activate the email filtering feature to avoid receiving emails with unsuitable content. In the event of receiving attached files, explain to the minors that they should not open them without being under the supervision of an adult.
• Before accessing a chat room, the person responsible for the minor must previously read its terms and conditions, codes of conduct and privacy policies and then explain them.
• When using instant messaging services or chats, explain to the minors that they must use a nick that does not reveal any personal information about them, neither directly nor indirectly. They should be told not to chat with strangers and not participate in chat rooms that do not have a supervisor or moderator.
• Check what games they play on the Internet and pay special attention to those they play against others. In such cases, if voice communication is allowed, it would be convenient to use a tool that distorts the minor's voice and impedes him from being recognised.