On average, nearly 400 individuals reach out daily to the National Cybersecurity Institute (INCIBE) helpline at 017 in search of digital assistance. In 2025, the helpline recorded a staggering 142,000 inquiries, becoming a barometer for online safety concerns. Nearly half of these calls (49%) were preventive measures from citizens looking to protect themselves from potential scams, while the remaining 51% sought guidance after already experiencing some form of online damage, according to INCIBE's 2025 Cybersecurity Balance report.
Fraudulent Purchases: A Growing Concern
Seventeen percent of citizen inquiries pertained to fraudulent purchases, as indicated by INCIBE's report. Often, after completing a transaction, victims find that either the item never arrives or what they receive is entirely different. Ángela G. Valdés, a technician at INCIBE's Cybersecurity Help Line, noted an alarming increase in identity theft associated with the Lidl supermarket chain, where scammers created fake ads on social media, ultimately stealing card information from unsuspecting victims.
For those affected by such scams, Valdés recommends contacting their bank to cancel the card and attempt to reverse any unauthorized charges, in addition to filing a complaint with local authorities. To mitigate the risk of falling victim to these frauds, it is advised to verify the URL when making purchases through social media and to directly visit the official business page when in doubt. Caution should also be exercised regarding suspiciously low prices or poor-quality images.
Understanding Social Engineering Attacks
Following fraudulent purchases, queries about social engineering attacks rank highly, representing 15% of calls, with an additional 10% related to fraudulent SMS. Valdés pointed out a decline in phishing methods, as the use of fraudulent calls and messages has become more prevalent. These scams include smishing (Scam SMS) and vishing (voice scams).
A recent example involved a victim receiving a call from someone impersonating a Civil Guard agent regarding a fictitious traffic ticket. Scammers frequently pose as representatives from energy, telecommunications, or other services, attempting to collect personal information under the guise of contract updates or offers. Valdés emphasizes the importance of hanging up and contacting the company directly through verified channels.
Privacy Issues and Online Reputation
In 2025, privacy and reputation concerns affecting minors led to 19% of inquiries. One distressing case involved a mother who contacted 017 when a teacher shared unauthorized photographs of her daughter during a school field trip. Valdés advises keeping social media accounts private and being cautious about accepting friend requests, stressing that control over shared content can be easily lost.
Sextortion: A Rising Threat
Eighteen percent of calls related to sextortion, with a notable increase in these incidents reported in 2025. Valdés explained that both minors and their parents frequently seek assistance after being targeted. Cases often involve AI-generated images sent by strangers demanding ransom or extortion following the sharing of intimate content. Victims are advised to report such incidents to the appropriate platforms and authorities to help prevent further exploitation.
Identity Theft on Social Media
Ten percent of inquiries about minors involved identity theft, particularly linked to social media accounts. Scammers create false profiles using photos or personal data of their victims to deceive or harass others. Valdés recommends careful information management on social media and regularly checking online presence for any unauthorized exposure.
Corporate Cyber Threats
In the corporate sector, identity theft scenarios accounted for 18% of inquiries, while phishing attempts reached 12%. Cybercriminals often create fake social media profiles to impersonate legitimate businesses, leading to an array of complications such as client information theft and reputational damage. Organizations are encouraged to inform customers about fraudulent activities and report any fake accounts to mitigate risk.
Preventing CEO Fraud
CEO fraud constitutes around 9% of calls, where individuals impersonate company executives to authorize fraudulent transactions via email or voice. Valdés recommends implementing a double-verification process for financial transactions and using shared keywords to verify legitimacy.
Personalized Cybersecurity Assistance
While general recommendations are provided, INCIBE offers personalized guidance for each case, analyzing situations individually. Their approach encompasses a team of cybersecurity specialists, legal experts, and psychologists ready to assist through various channels, including WhatsApp and Telegram. This service is free and confidential, ensuring that calls do not appear on the phone bill.
