Lorraine Williamson
WhatsApp and social media have become so routine that many people stop thinking about the risks until something goes wrong. That is the warning coming from Spain’s National Cybersecurity Institute, INCIBE, which this week urged users to review how they use platforms such as WhatsApp and social networks before scammers or privacy breaches catch them off guard.
The official advice, published on 4 March, focuses on a simple point: everyday habits online can expose users to fraud, identity theft and unwanted access to personal data.
For readers in Spain, this is the kind of warning that feels especially relevant because WhatsApp is woven into daily life. It is how families talk, how school groups organise themselves, how businesses answer customers and how neighbours share information. That convenience is exactly what makes it attractive to fraudsters, particularly when users trust messages too quickly or leave security settings unchanged for years. This is an inference based on INCIBE’s guidance about suspicious messages, privacy controls and account protection.
The most common mistakes are also the easiest to make
INCIBE’s latest guidance says users should be wary of suspicious links and unexpected files, especially when messages create pressure or urgency. It specifically flags red-flag messages such as warnings that an account will be blocked, unexpected prize claims, shortened links and attachments that the user was not expecting to receive. Even when a message appears to come from someone you know, the institute advises checking through another channel if the content feels unusual.
That matters because scams increasingly rely on speed rather than sophistication. A message only needs to feel plausible for a few seconds to trigger a click. Once that happens, users can end up handing over personal data, opening malicious files or exposing their accounts to takeover attempts. Again, that is the practical implication of the specific risks INCIBE lists in its guidance.
Privacy settings deserve more attention than most people give them
The other major theme in the advice is privacy. INCIBE says users should review who can see their profile information, posts and personal details on both social networks and messaging apps. That includes limiting visibility where possible and being more selective about what is shared publicly or with broad contact groups.
This is one of those areas people often ignore because nothing appears wrong on the surface. Yet exposed profile photos, phone numbers, status updates and public-facing personal information can make it easier for strangers to impersonate contacts, build scam messages or gather details for social engineering. The article does not dramatise that risk, but the logic behind the warning is clear.
Two-step verification is one of the clearest protections
INCIBE also recommends enabling extra account protection, especially two-step verification on WhatsApp. That extra layer makes it harder for someone else to seize control of an account, even if they manage to obtain a verification code or other login information. The institute also links this advice to its wider training material on using WhatsApp securely.
Just as importantly, it warns users never to share SMS verification codes. That sounds obvious until a fake support message, a spoofed friend request or a panicked family-style scam lands at the wrong moment. In practice, these attacks work because they rely on distraction and trust.
Updates and caution still matter
INCIBE’s advice also includes keeping apps and devices updated, another basic step many users postpone. Security updates are easy to treat as an annoyance, but they remain one of the simplest ways to reduce exposure to known vulnerabilities and account compromise.
That is partly why this kind of public guidance keeps reappearing. The risks are not always new. The problem is that the same weak habits persist: clicking too fast, trusting the apparent sender, ignoring privacy menus and leaving old settings untouched. In that sense, the latest INCIBE note is less about technical complexity than digital routine. This is an inference drawn from the guidance and from INCIBE’s broader citizen-awareness material.
WhatsApp video call scam hits Spain
A useful reminder before the weekend scroll begins
People tend to spend more time on messaging apps and social networks at weekends, often sharing photos, replying quickly and clicking on whatever lands in group chats. INCIBE’s message is therefore not alarmist. It is practical: slow down, check links, protect the account and think twice before handing over information. This timing inference is based on normal weekend user behaviour rather than a specific INCIBE claim.
In other words, Spain’s cyber agency is not asking people to abandon WhatsApp or social media. It is asking them to use them with a bit more friction and a lot less blind trust. For many readers, that may be the most useful warning of the day.