Security recommendations

BBVA takes all measures to ensure secure online banking transactions by means of a Secure Password system.

Your access password for BBVA Net is a private password that must be kept safe. They are stored in our internal systems using non-reversible encryption, so that nobody at BBVA can find out what they are.

BBVA will never request your BBVA Net credentials or any other personal or banking details by email or SMS. If you receive a message of this type, please do not provide any information through these channels.

Web browsers offer the option of saving usernames and passwords of websites that require these. BBVA recommends that you never save your passwords to our Remote Banking service in a computer or a tablet. These devices can be the target of cyber attacks and your passwords may be exposed.

• Use complex passwords that are difficult to guess, containing upper and lower case letters and interspersed numbers and symbols.
• The passwords are secret, do not share them with anyone and change them periodically.
  
• Don't write your password in post-its or notebooks; memorize it or use specialist password managers.
• In shared computers or computers connected to public Wi-Fi networks, do not enter your login passwords or personal details, such as your address, phone number, etc.
• If you receive an SMS to confirm a transaction that you have not made, please contact BBVA Belgium to report that a transaction is being made without your consent.

• Avoid using personal data that can be easily found out for your secret number, such as your birth date or your registration number, and do not share it with anyone.
• When you make an online purchase, make sure the website starts with https (and not http), includes a closed padlock on the navigation bar and displays in a visible place information about the company,, its shipping and returns policy and its Cookies Policy.
  
• Be wary of online stores with offers that seem too good to be true (-70%, -80%). Also, look out for spelling mistakes or low quality images.

Some of the most common computer viruses and threats to cybersecurity are:

• Phishing. Phishing is a cybercrime in which a target is contacted by email by someone posing as a legitimate institution to trick individuals into providing sensitive data such as personal or banking information. The recipient of the email is asked to click on a link in the email and, once in the false page, enter the requested information.
• Ransomware. Ransomware typically spreads through phishing emails with links that install infected programs or download infected files. This virus prevents users from accessing their system or personal files and demands ransom payment in order to regain access.
• Trojans. Once inside your computer, a Trojan horse downloads malware to your computer and can enable cyber-criminals to spy on you and steal your sensitive data.

• Operating systems and applications must always be updated.
• It is important to install a firewall and an antivirus and keep them updated.
• Be wary of urgent emails informing you that your account has been suspended and you must reactivate it, or an error has occurred on starting the session or emails requesting you to confirm or update information on your account, and other such requests. These mails are frauds. Remember that BBVA never sends emails or SMSs asking for your confidential personal or financial information.
• Don’t download files on your computer with .exe, .bat, .rar, .zip or .ini extensions if you don’t trust the sender.
• Don’t connect any external device to your devices from an unknown sender, such as flash drives or hard drives.
• Only download applications from official stores, such as Play Store and Apple Store. You should also check the permissions you give to each of these.
• In shared computers or computers connected to public Wi-Fi networks, do not use pages that require you to enter your username and password and do not provide personal details.
  

Protection of your user credentials

• Use complex passwords that are difficult to guess, containing upper and lower case letters and interspersed numbers.
• Do not share your password with anyone. Passwords are secret and only the owner must know them.
• Don't write down your passwords on post-its or notebooks; memorize it or use specialist password managers. You can find free such programs at www.osi.es.
• Deactivate the option to save the password on your web browser. It is safer to enter it every time you log in.
• Change your passwords regularly. If you suspect that someone has been able to ascertain your password, you must change it as soon as possible.
• Do not use the same password for multiple services (email, evernote, other banks, etc.).
• Your physical security device is personal and non-transferable.
• If you receive a message asking for your password, do not provide any information and immediately contact BBVA Net cash's customer service department.

Protecting your computer

• Keep your operating system and the version of your web browser up to date with the corresponding patches, to protect it from possible gaps or errors.
• Configure your computer and all your programs with the highest levels of security.
• Install a firewall or firewalls and keep them activated and up to date.
• Install anti-malware programs and keep them activated and up to date. Check documents you receive before opening them with your antivirus.
• Regularly back up your files.
• Avoid downloads from unknown websites, as they may contain viruses or spyware.
• Do not connect any external device to your device of doubtful origin, such as memory sticks, hard disks and cell phones.
• Regularly clean cookies and temporary files from your computer.
• Download programs and applications only from official sites.
• Set an unlock pattern on your cell phones and tablets, so they cannot be accessed by a third party.

Secure internet access and browsing practices

• When using shared computers or connecting to public Wi-Fi networks, do not visit websites that require you to use your username and password. Likewise, do not enter personal details such as address, telephone number, etc.
• Avoid connecting to pages with private content from public computers.
• If you have to enter your credentials, check that the server address (URL) starts with https, which means that you are accessing a secure server.
• A closed padlock (rather than an open one for a non-secure server) on the right or on the left of the address (URL) is another sign that the server is secure.
• Check the security certificates of the page by clicking on the padlock icon that appears when entering a secure site, or the certificate from the navigation bar, and check that it has not expired and that the domain certificate is in force. The detailed information shows the issuer (Verisign), the validity period and for whom it has issued the certificate (BBVA).
• Do not choose the “autocomplete passwords” option on your web browser. If it is activated, the passwords that you enter on the website are stored on the computer and, when you enter your username, the password field is automatically filled in. Checking this option on a shared computer could mean that someone else uses your passwords.
• Check the date and time of the last login.
• To securely end your BBVA Net Cash session, click “Sign out” in the top right corner.

Computer viruses are programs whose sole purpose is to install themselves on a user's computer without their permission or knowledge. There are several types of virus, but they usually all have this in common: they propagate and spread in the same computer and through the network.

It is easy to unknowingly contribute to spreading of viruses, by forwarding emails with infected attached files. All users must work togetherand the Internet to prevent it from spreading.

There are several types of virus, including:

Phishing:

The sending of an email that impersonates a very well-known organization and asks the user for information (address, bank details, passwords, etc.). For the user to give the information, they are often asked to click a link in the email and, once they are on the fake website, enter the requested information.

It basically works as follows:

1. Spam is sent out informing BBVA Net Cash users that they need to confirm their login details.

2. The message includes a link to a page from which to confirm their information. Sometimes, the link starts a download of malware.

3. The user clicks on the link that takes them to a “similar" page to the authentic BBVA Net Cash page, and they confidently enter their information.

4. As the page is false and controlled by the fraudsters, they are the ones who actually receive the user's information, and thus have access to the user's account.

Although BBVA will never ask you for your BBVA Net Cash log in by email, here are some tricks to help you to catch this kind of attack:

- Sometimes, the logo is distorted or stretched. They usually also include spelling mistakes or odd expressions.

- They address you as "dear customer” or “dear user” rather than your actual name.

- They warn you that your online banking account/service will be closed unless you reconfirm your login details immediately.

- The tone of the email is threatening.

- The text refers to “security commitments” or “security threats” and requires immediate action.

- The URL is not https:// and the security padlock does not appear in the browser box. False links include this kind of icon within the window to deceive you.

Ransomware:

It is a lucrative kind of tech crime. They are usually disguised as “package delivery services” or any other credible excuse, and are spread by email with links that install infected programs or download infected files. This virus blocks access to your computer's files and demands a ransom which once paid is supposed to provide a password to unlock them.

Below is a series of tips to protect yourself from ransomware:

• Do not follow links or download files attached to emails that you think are suspicious.
• Use only legal software and keep it permanently updated.
• Install antivirus software and keep it up to date.
• Back up files regularly. If your system becomes affected by a virus, you will be able to recover the information without having to pay a ransom.

Trojans:

They enter a personal computer and conceal themselves in a program. They transform the computer's behavior so that everything that it does can be seen on the criminal's computer. To prevent your computer from being infected by a Trojan, follow the same instructions as above for ransomware:

• Do not follow links or download files attached to emails that you think are suspicious.
• Use only legal software and keep it permanently updated.
• Install antivirus software and keep it up to date.

Hoaxes:

These are emails containing false gossip for the sole purpose of circulating and propagating low quality information online.

In general, they are not too harmful and are easy to delete.

To prevent these attacks, follow our recommendations and inform us of any suspicious situation or communication:

As soon as you inform us, BBVA Net Cash's customer service will launch its anti-fraud protocol: a group of specialists will be allocated to your case.

If your suspicions are confirmed, you are advised to:

• Format your hard disk.
• Installing up-to-date anti-malware.
• Keep your software up to date.

In all confirmed cases, the login password of the affected user will be changed.