Digital Banking

Digital Bank

Security advice

Precautionary MeasuresSocial Networks and Social EngineeringEmail and PhishingTelephone calls and VishingFake Sites and Web SpoofingVirus and MalwareFraud Prevention

Precautionary Measures

At Monex, we are committed to your safety, for that reason, we would like to share some preventive measures to help safeguard your information.

Security Videos


Safe browsing. Avoid browsing unsafe, suspicious websites or clicking on links that redirect you to other websites. Always validate the URL address of our portal: https://www.monex.com.mx/portal

Sensitive information. Do not share your username, password, and/or dynamic token key over the phone. No one at Monex will request this information or ask you to perform transactions on behalf of third parties.



Password change. It is advisable to change your security password every 3 months or after visiting a suspicious site where your banking information may be at risk.

Security device. Never update your token or provide your dynamic key by phone or email.




Avoid searching for the word 'Monex' on Internet search engines (Google, Yahoo, Bing, etc.), as it may lead you to fake sites.

Log into our official website directly on your browser: https://www.monex.com.mx/portal


At Monex, we are committed to your security. For any questions or comments, you can contact us through the official channels gac@monex.com.mx, at +52 55 5230 0200, and +52 55 5231 4500, or consult with your Monex Advisor.

Prevención de fraudes

Una página falsa, es un sitio web que aparenta ser legítima y tiene como objetivo engañar a las personas.

A continuación te compartimos recomendaciones para evitar ser víctima de este tipo de fraude:

  • No realices la búsqueda de la palabra Monex a través de buscadores de internet (Google, Bing, etc.), teclea en tu navegador la URL oficial: https://www.monex.com.mx/portal y/o https://bancadigital.monex.com.mx/PortalServicios/serviciosenlinea/view/template/ServiciosEnLinea.jsp?language=ES
  • MONEX nunca te solicitará sincronizar el usuario, token o contraseña por teléfono y/o correo electrónico.
  • Se cuidadoso con llamadas que buscan obtener datos confidenciales para acceder a la Banca Digital, no proporciones ningún dato.
  • Previo a la autenticación en la banca, elimina las cookies e historial de navegación.
  • Una vez que ingreses tu usuario y contraseña, verifica en la pantalla principal que se indique el saludo de bienvenida seguido de tu nombre.
  • Actualiza tu antivirus y ejecuta escaneos de tu equipo con frecuencia.

 

Let's take care of our data

 

On a stationary or desktop computer

º Try to keep your computer updated with the latest security patches that correspond to your equipment, this helps improve the levels of protection against malicious software and viruses that take advantage of those devices that are not updated.

º  An updated antivirus or antimalware is a good practice that helps protect information.

º Use strong passwords of at least 12 characters in length and change them at least every 90 days, separating those that are for personal use from those employed in an occupational setting.

º Avoid downloading software from unknown websites or from those without proper licensing (programs, music or apocryphal videos).

On a mobile computer or laptop

  • Try to keep your computer updated with the latest security patches that correspond to your equipment, this helps improve the levels of protection against malicious software and viruses that take advantage of those devices that are not updated.

  • An updated antivirus or antimalware is a good practice that helps protect information.

  • Changing the Wifi password helps keep strangers from accessing your devices and also prevents them from using your network.  

  • Avoid accessing public internet connections like for example in restaurants, airports or bus stations, as these do not have appropriate security levels to protect users who connect to the internet while using those networks.

  • Use strong passwords of at least 12 characters in length and change them at least every 90 days, separating those that are for personal use from those employed in an occupational setting. 

  • Avoid downloading software from unknown websites or from those without proper licensing (programs, music or apocryphal videos).
On tablets or Smart phones

  • Mobile devices such as smartphones or tablets are also computers, therefore it is important to update them with the latest versions of operating systems available.

  • These types of devices are also susceptible to viruses or malware; therefore, it is important to only download content from official stores that correspond to each platform.

  • There are antiviruses for these types of devices that are downloaded from official stores that correspond to each platform.

  • If these types of devices no longer receive security or operating system updates from the manufacturer, we recommend not using them for any type of financial transaction, as these may be compromised.

  • Avoid downloading software from unknown websites or from those without proper licensing (programs, music or apocryphal videos).

At home

  • Changing the Wifi password helps keep strangers from accessing your devices and also prevents them from using your network. If you do not know how to make such changes, you can contact your internet service provider for tech support.

  • When Internet services are not being used at home, it is highly recommended to turn the transmission device off.

  • It is also safer to keep computers off when nobody at home is using them, as it prevents them from being hacked by unauthorized users without anybody noticing.

     

Through the Phone

  • In recent years we have become aware, through different media outlets, of telephone calls used to commit fraud against other people, therefore we recommend being very careful while providing private or personal information over the phone .

 Social Media and Social Engineering 

What is Social Engineering?

  • Social engineering is the act of manipulating a person through psychological techniques and social skills in order to achieve specific goals.
  • These may include securing sensitive information, accessing a system or obtaining bank details.
  • Social engineering currently uses social media and messaging media for such purposes and also uses techniques such as Phishing, Vishing, Web Spoofing and Smishing.
     

What is Smishing?

  • The use of SMS messages, instant messaging or social media messages for the purpose of impersonating the identity of an institution, entity or person in order to gain contact with a victim and thus obtain sensitive information.
Instant Messaging

  • In many instant messaging services, you may receive communication from strangers, therefore it is highly recommended that you avoid responding to messages received from unknown numbers until you figure out who they are from. If you still don’t recognize who the message is from, the most advisable option would be to block the phone number.

Text Messages

  • If you receive a text message indicating that your credit card or bank account has been disabled, followed by a telephone number where you should call to reactivate it, the most advisable option would be to call the telephone number on your contract or on the institution’s official web page to verify such message.

Social Media
  • Limit the use of personal or corporate emails to those from networks to which you have subscribed and use security levels that avoid direct contact with strangers.
  • Carefully read email that request sensitive personal information from unknown sources.
  • On social media pages such as Facebook, there is a feature to choose the privacy of your information, where you can block access from people outside your immediate social circle and avoids contact from strangers.
  • Avoid uploading pictures on social media that display your home, your place of work or your school, especially when you have an open account.
  • Normally around gift-giving holidays, people receive unbeatable gift offers through email, text messages and social media. That is why it is important to verify the authenticity of such offer before making a deposit or purchase
  • Deny friend requests from unknown people on social media, such as:
    • Facebook
    • Instagram
    • LinkedIn
    • Twitter

Email and Phishing  

What is Phishing?

Phishing is a method used by cybercriminals to trick people into revealing private information, such as passwords or credit card and Token information.

They do this by sending fraudulent emails or redirecting users to fake websites or forwarding a telephone number in order to obtain information.

 

Measures to protect email
  • Install an updated antivirus or antimalware with the capacity to verify emails.
  • Always be careful when opening emails from unknown senders with attached documents as these may contain viruses.
  • If you receive an email with attached files from a sender you know but were not expecting, confirm that it was, in fact, that person who sent the files.
  • Be careful when clicking on links included in emails from unknown senders.
  • Avoid using your email account from public networks such as airports, restaurants or convention centers.
  • Never respond or send messages received in your junk mail or spam folder
  • Use the BCC or CCO feature to send messages to multiple recipients.
  • Always use secure passwords to access your email accounts.
  • Change the password at least every 90 days.
  • Carefully read emails that ask for personal or sensitive information and that are received from unknown sources.

 

Email fraud and phishing
  • Normally around gift-giving holidays, people receive unbeatable gift offers through email, text messages and social media. That is why it is important to verify the authenticity of such offer before making a deposit or purchase.
  • Avoid entering any personal information into unknown forms or web pages in order to prevent phishing attacks.

Telephone calls and Vishing 

What is Vishing?

 

  • Vishing is a method used by cybercriminals to deceive people into revealing private information such as passwords or credit card details, frighten them with charges they do not recognize or fool them with alleged kidnappings, just to mention a few.
  • They do this by making a very convincing phone call that takes advantage of the fact that the person on the other end of the line may be distracted or feeling vulnerable.
Fake calls

Fraud committed via telephone with fake calls is a constant occurrence nowadays; therefore, if you receive a call with the following characteristics:

  • Asking you to confirm personal information like name, address, Tax Registration Number (RFC) or Unique Population Registry Key (CURP).
  • Asking you to confirm confidential information of your account or credit card; such as PIN number, password, security codes or Token codes.
  • Informing you, through a recording or alleged telephone operator, that your credit card was misused.
  • Cancellation of subscriptions or services that you don’t even remember having.

We recommend you do the following:

  • Do not provide personal information without first confirming with your bank.
  • Financial institutions do not ask for confidential information such as your credit card or PIN number.
  • If you receive a call indicating that your credit card was misused, it is important to contact your financial institution using the official phone number to verify the claim.
  • When you receive calls telling you that a subscription or service has been cancelled, the right thing to do would be to match this information with your official account statement and contact the bank to clarify such situation.
Links to fake telephone numbers
  • Text messages that are received on your cell phone or through instant messaging contain links to fake telephone numbers, therefore it is important to verify such information with your institution’s official web page to avoid walking right into the trap.
  • If you receive a text message telling you your credit card has been disabled and then provides you with a phone number to call in order to begin the reactivation process, you should call the telephone number that is printed on the contract or that is found on the institution’s official webpage in order to verify such information.

Web Spoofing or website impersonation

 

What is Web Spoofing or website impersonation?

 

  • Spoofing is the act of disguising a communication from an unknown source as being from a known, trusted source with the purpose of committing fraudulent acts. The fake web adopts the design of the original site seeking to obtain information from a person to steal their identity or access their financial web portals.
Advertising links to fake websites
  • Avoid clicking on suspicious links that come from an unknown sender or that forward you to a website. These may arrive through an email account, text message or instant messaging.
Webpage Impersonation
  • When you enter a bank portal or any website where you are going to enter private information, it is important to verify that the link begins with https:// and that the page has a certificate (depending on the web browser, it appears like a lock)
  • Do not google and click directly on the first websites that appears at the top of the search engine. When you wish to access a bank portal, we suggest you enter the name of the webpage manually and once you verify the veracity of the portal, add it to your list of favorites.
  • On various WEB platforms, in order to obtain information, access or services, it is necessary to enter an email account as a required step.

Some WEB platforms do not anticipate that the information that is entered may be compromised and shared with people who will make bad use of it.

Therefore, we suggest taking the following protection measures into consideration:

  • Open an email account that will be used just for this purpose, to help you register and open accounts in these types of webpages.
  • We highly recommend NOT providing a work email as reference.
  • Avoid registering friends, contacts, clients or co-workers as references to receive the offers in question.
Antivirus

What is a computer virus?

  • A computer virus is a software whose purpose is to alter the normal functioning of any type of computing device without the knowledge or permission of the user mainly with malicious intent over such device. Viruses normally replace executable files for others that are infected with the code of such file. Viruses can intentionally destroy data that is stored on a computer.

What is an antivirus?

  • Computer antiviruses are software programs whose purpose is to detect and eliminate computer viruses. Installing updated antiviruses significantly reduces the chances of your device being damaged by computer viruses.
Antimalware

What is malware?

  • Malware, also called malicious software, makes reference to any type of software that tries to interfere with the functioning of a computer or a cell phone. It is considered to be a type of damaging software aimed at accessing a device without the user’s consent.
  • A malware is catalogued as a malicious program according to the effects it provokes on a computer. It is not the same as “defective software”, which are programs that contain dangerous errors, but they are not intentional.
  • Many malwares operate without the user even being aware in order to extract information from the infected computer, it remotely takes control over such device and in many cases, accesses information of sensitive nature.

What is an antimalware?

  • An antimalware is a type of program designed to prevent, detect and rid individual computer devices and IT systems of any malicious software. The terms antivirus and antimalware are often used interchangeably as computer viruses are a specific type of malware. Therefore, an antivirus and an antimalware refer practically to the same thing.
Antispam

What is SPAM?

  • The terms junk mail, spam and junk message refer to unsolicited or unwanted messages or that come from unknown senders (or are even sent anonymously or by a false sender). These are normally advertising type adds, are generally sent in bulk (or even massive) and damage the recipient in one or several ways.

What is an antispam?

  • These are programs that work together with antivirus and antimalware to detect and block SPAM type emails.
Protection against threats
  • These are devices and programs that work to prevent cyberattacks against computer infrastructure, maintaining a high level of security for legitimate operations.

Una página falsa es un sitio web que aparenta ser legítima y tiene como objetivo engañar a las personas.

A continuación te compartimos recomendaciones para evitar ser víctima de este tipo de fraude:

  • No realices la búsqueda de la palabra Monex a través de buscadores de internet (Google, Bing, etc.), teclea en tu navegador la URL oficial: https://www.monex.com.mx y/o https://bancadigital.monex.com.mx/PortalServicios/serviciosenlinea/view/template/ServiciosEnLinea.jsp?language=ES.
  • Monex nunca te solicitará sincronizar el usuario, token o contraseña por teléfono y/o correo electrónico.
  • Sé cuidadoso con llamadas que buscan obtener datos confidenciales para acceder a la Banca Digital, no proporciones ningún dato.
  • Previo a la autenticación en la banca, elimina las cookies e historial de navegación.
  • Una vez que ingreses tu usuario y contraseña, verifica en la pantalla principal que se indique el saludo de bbienvenida seguido de tu nombre.
  • Actualiza tu antivirus y ejecuta escaneos de tu equipo con frecuencia.

BEC