The various types of cyberattack
The Monaco Cyber Security Agency (AMSN), established by Sovereign Ordinance on 23 December 2015, is the national authority responsible for the security of information systems.
It is an information security and cyberattack expertise, response and processing centre supporting the government and Critical Infrastructure Operators (OIV).
If you wish to inform the Monaco Cyber Security Agency of incidents affecting the operation or security of your IT systems, please use this link.
Phishing is a type of fraud where the fraudster poses as a trusted third party to deceive the internet user and prompt them to share personal information (access accounts, passwords, etc.) and/or bank details. It may involve a fake email, text message or telephone call purporting to come from your bank, a social network, your telephone operator, your energy supplier, an e-commerce site, a government website or someone you know who is in difficulty and needs financial help quickly.
- Always check the email address of your contact
For example, if you receive a request to make an internal transfer from your CEO or Director, check the email address. In most cases, fraudsters change one character in the address to deceive the victim (e.g. surname.firstname@business.com > surname.firstname.business@mail.com)
- Never make a bank transfer without double-checking the details
You should do this even in the case of transfers to pay invoices. Fraudsters analyse previous email communications and insert themselves into the discussion, posing as the supplier and requesting that payment of an invoice is made to different bank details.
If you notice a strange email address, do not respond, do not open any attachments and delete the email. Inform your IT security manager if possible.
- Wherever possible, avoid consulting websites on which your bank details are available (retail websites, online banking, online payment tools, etc.) via your company’s network
Your company’s network administration team needs to be able to focus on business connections
- Always check the identity of your contact when on the telephone
If you have any suspicions, double-check the identity of the person you are speaking to. Well-prepared fraudsters can easily pose as one of your customers, or even as a colleague from your own company. The most serious cases involve a fraudster posing as your CEO or Director. Never trust anyone blindly.
- Avoid sending company documents via unencrypted media
Wherever possible, avoid sending them via your personal email account. If the latter is compromised, sensitive information about your company could be exposed
- Avoid storing such documents on a personal computer which may not be protected by your network administration team
Note as many details as possible:
- Circumstances
- Date
- Email address with header or webpage where the fraud occurred
- Keep a copy of your exchanges or screenshots and a comprehensive list of the information that you shared
- Contact any individuals or organisations that may be affected: your employer, bank, service providers, contacts, etc.
- Immediately change any passwords, codes and usernames that have been compromised
- Report incidents to the Police Department so that they can issue you with a certificate that can be produced if the identity of the victim of the phishing attack is subsequently stolen (your identity may be used by the fraudster to commit new offences, access personal and banking details, etc.)
- Report incidents and the profile used by the fraudster to the relevant platform (retail website, telephone operator, etc.)
- Immediately inform your superior and, if necessary, the IT manager as soon as you discover that something is wrong
Ransomware is malicious software which blocks access to a computer or files by encrypting them. A ransom payment is then demanded from the victim before their access will be restored. Devices can be infected by opening an attachment, clicking on a malicious link in an email or sometimes just by browsing a compromised website. They can also be infected following a system intrusion. In the majority of cases, cybercriminals are exploiting known vulnerabilities in software for which the victims have not yet installed the correct patches.
- Ensure that your devices are protected
Firewall, up-to-date antivirus software, OS/browser/email client security settings activated, etc.
- Do not open attachments of unknown or dubious origin
- Wherever possible, do not connect to unsecure Wi-Fi access points
- Do not click on or accept pop-ups that open automatically (risk of viruses being installed)
- Do not download and/or install unverified applications or cracked software
Make sure you use official stores (e.g. Apple App Store, Google Play, etc.) if you want to add apps onto your devices
- Wherever possible, avoid downloads via torrent clients from unknown sources (peer to peer)
- Immediately inform your superior and, if necessary, the IT manager as soon as you discover that something is wrong
Unfortunately, awareness often comes too late. Most often, by this stage, numerous directories and disks have already been encrypted and previously copied by the hijackers. In the majority of cases, a ransom request (in Bitcoin) together with an encrypted email address (Tutanota, ProtonMail, etc.), written in English, appears on the screen stating that the decryption code will be sent following payment.
At a later stage, if you do not respond, the hijackers will threaten to post confidential information online.
What should you do at this point:
- DO NOT PAY, since there is no guarantee that the hijackers will send you the decryption code or refrain from divulging your personal data even if you do
- Disconnect the infected machines from the network and contact a professional who will help try and recover your data
- Check online to see if the ransomware in question is known and if a fix exists
Note as many details as possible:
- Circumstances
- Date
- Keep a copy of any messages or screenshots
- If harm has been done (for example, loss of personal data), submit a complaint to the Police Department including the details noted above
- Immediately inform your superior and, if necessary, the IT manager as soon as you discover that something is wrong
Tech support scams involve frightening victims via text message, telephone, chat or email, or by making a message appear that blocks their computer. Victims are informed that there is a serious technical problem with their device and that they risk losing their data or access to their equipment. The idea is to get the victim to contact someone posing as a tech support worker (Microsoft, Apple, Google, etc.) who will then convince them to pay for fake IT repair services and/or buy useless or even harmful software. If you refuse to pay, the criminals may threaten to destroy your files or to share your personal information.
- Do not respond if you are contacted by suppliers or operators who have no reason to do so
You may be contacted by email, text message or even by telephone. For example, a fake operator may offer to help install an update for an application on your device by taking control of the latter
- Do not respond to virus alert pop-ups
Close the window immediately. Your antivirus software is responsible for alerting you to the presence of a virus on your device
- Never send your bank information or make a payment
- Never give anyone remote access to your computer or phone without a valid reason and without first checking the identity of the operator and the legitimacy of the original request
- Immediately inform your superior and, if necessary, the IT manager, providing all information that may prove useful
- Contact your bank if bank details have been shared or a payment made
- Reinstall your system (there is a risk that the fraudster has installed a Trojan horse)
- Immediately inform your superior and, if necessary, the IT manager, providing all information that may prove useful
Phishing is a type of fraud where the fraudster poses as a trusted third party to deceive the internet user and prompt them to share personal information (access accounts, passwords, etc.) and/or bank details. It may involve a fake email, text message or telephone call purporting to come from your bank, a social network, your telephone operator, your energy supplier, an e-commerce site, a government website or someone you know who is in difficulty and needs financial help quickly.
- Always check the email address of the person contacting you
Even if the name seems familiar or official. Often, fake email addresses are subtle enough to evade suspicion (e.g. customer.service@shop.com > customer.service.shop@mail.com)
- Do not automatically open email attachments
First make sure that you are confident of the sender’s identity
- Never respond to a suspicious request
For example, messages referring to a lottery win, an unfamiliar health insurance policy, some kind of census survey, etc. Wherever possible, you should even avoid opening the email. Just delete it
- Always check that a request is legitimate before following any instructions
Even if the email comes from a sender that you can identify, always check the purpose of the request before sharing your usernames or passwords. For example, a fake security update relating to your online payment tools, requiring you to unwittingly log into a fake website
- Wherever possible, always use secure websites, checking that the URL includes "HTTPS"
This offers extra security, particularly where the website you are logging into requires information such as your bank details (retail website, online banking). You will see "HTTPS" at the beginning of the URL, which is displayed at the top of your browser. It certifies that your connection to the website is encrypted, so the data you enter cannot be read in transit. Note that a fraudulent website can also use HTTPS, so always check the domain name in the address bar as well
- Never respond to a request from a relative that appears dubious
Always double-check first, for example by calling the person in question (such requests are often for money)
- Never share your bank card details with anyone
Even your banking advisor. The latter will never ask you to provide this information unless you are visiting them in person
- Never send personal or sensitive documents digitally
If there is another option. Such documents could be saved and fall into the wrong hands
- Never accept payments via PCS Tickets or Western Union
These are the payment methods most popular with fraudsters
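The address-substitution patterns described in both phishing sections above (one character changed in the domain, or the company name moved into the local part of a free-mail address, as in surname.firstname.business@mail.com) can be checked mechanically before anyone acts on a request. The following Python is an added example, not AMSN code; TRUSTED_DOMAINS and the header values are constructed for illustration.

```python
import re
from email.utils import parseaddr

# Constructed list of domains the organisation treats as its own or as known
# suppliers (an assumption for this example; use your real domain list).
TRUSTED_DOMAINS = {"business.com", "shop.com"}


def levenshtein(a: str, b: str) -> int:
    """Edit distance; a result of 1 means one character was changed, added or removed."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def check_sender(from_header: str, trusted=TRUSTED_DOMAINS):
    """Classify a From: header as 'trusted', 'suspicious' or 'unknown'.

    Returns (verdict, reason). 'suspicious' means a trusted domain is being
    imitated: verify the request by another channel, never by replying.
    """
    display, addr = parseaddr(from_header)
    if "@" not in addr:
        return "suspicious", "no parsable address in From: header"
    local, _, domain = addr.rpartition("@")
    local, domain, display = local.lower(), domain.lower(), display.lower()
    if domain in trusted:
        return "trusted", f"sender domain {domain} is on the trusted list"
    for t in trusted:
        name = t.split(".")[0]  # "business" from "business.com"
        # 1. Display name pretends to be a trusted address while the real
        #    address is elsewhere, e.g. "ceo@business.com" <random@mail.com>.
        if "@" + t in display:
            return "suspicious", f"display name claims {t} but address is at {domain}"
        # 2. Trusted company name moved into the local part at another provider
        #    (the page's surname.firstname.business@mail.com example).
        if name in re.split(r"[._\-+]", local):
            return "suspicious", f"trusted name '{name}' appears in local part at {domain}"
        # 3. Domain differs from a trusted one by a single character
        #    (may also flag unrelated short domains; treat as "verify", not "block").
        if levenshtein(domain, t) == 1:
            return "suspicious", f"{domain} is one character away from {t}"
    return "unknown", f"{domain} is not trusted; confirm the request by another channel"


if __name__ == "__main__":
    # Constructed headers reproducing the patterns described on the page.
    for hdr in ["surname.firstname@business.com",
                "surname.firstname.business@mail.com",
                "customer.service.shop@mail.com",
                "Accounts <accounts@busines.com>",
                '"ceo@business.com" <random@mail.com>',
                "alice@example.org"]:
        print(f"{hdr:45} -> {check_sender(hdr)}")
```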
Note as many details as possible:
- Circumstances
- Date
- Email address with header or webpage where the fraud occurred
- Keep a copy of your exchanges or screenshots and a comprehensive list of the information that you shared
- Contact any individuals or organisations that may be affected: your employer, bank, service providers, contacts, etc.
- Immediately change any passwords, codes and usernames that have been compromised
- Report incidents to the Police Department so that they can issue you with a certificate that can be produced if the identity of the victim of the phishing attack is subsequently stolen (your identity may be used by the fraudster to commit new offences, access personal and banking details, etc.)
- Report incidents and the profile used by the fraudster to the relevant platform (retail website, telephone operator, etc.)
Fake advertisements involve swindling users using marketplace websites like Le Bon Coin or Vinted. In these cases, the fraudster uses photographs of a product that has already been posted by another seller on the platform to offer the product at a better price and make the victim think they are getting a "good deal". This will allow the fraudster to collect payment and valuable personal information from the buyer, who sends the payment but will never receive the product.
These fake advertisements can also take the form of an unsolicited job offer, promising a job or rapid recruitment for attractive, well-paid work. Fraudsters pose as genuine recruiters by stealing the name of a company and the identity of an employee of the company to extract money or steal personal information (bank details, social security number, etc.).
- Check the authenticity of the advertisement
Look out for certain details, such as a very old publication date, a price that seems too good to be true, etc. A web search can help with this, by highlighting feedback from other internet users about the seller and/or the advertisement itself
- Never send personal documents
When you are making a purchase from an online marketplace there is no need to share your identity documents, payslips or bank details, and you are strongly advised not to do so
- Always check the identity of the person you are in contact with if you can
- Never make payments via Western Union or send a money order (these are frequently requested by fraudsters)
Note as many details as possible:
- Circumstances
- Date
- Email address including header
- Address or name of website
- Keep a copy of your exchanges or screenshots and a comprehensive list of the information that you shared
- Immediately contact any individuals or organisations that may be affected: bank, service providers, contacts, etc.
- Report incidents to the Police Department so that they can issue you with a certificate that can be produced if the identity of the victim of the fraud is subsequently stolen (your identity may be used by the fraudster to commit new offences, access personal and banking details, etc.)
- Report incidents and the profile used by the fraudster to the relevant platform (retail website, telephone operator, etc.)
This offence involves extorting sexual or monetary favours. It is also known as webcam blackmail.
The malicious party makes the victim believe that they have compromising pictures of them or finds a way to obtain such pictures and threatens to publish them unless the victim sends money fast.
- Cover your webcams
This prevents fraudsters from hijacking your webcam and stealing images from your private life. Fraudsters can hijack your webcam without you realising, because the light indicating that the camera is operating does not necessarily come on
- Always check the identity of the person you are in contact with
- Never respond to requests from people you don’t know on social media or via email or telephone (WhatsApp, etc.)
- Never film yourself or share compromising photos or videos of yourself
- Never pay a ransom
Paying a ransom is never a guarantee that the blackmail will end
- Warn your contacts of the possibility that the pictures will be shared
- Report incidents and the profile used by the fraudster to the relevant platform (social network, online dating site, instant messaging tool, etc.)
- Report incidents to the Data Protection Authority of Monaco (CCIN) if the relevant platform does not take action
Children are also exposed to cyberthreats. Their increased use of social media, instant messaging, computers, smartphones and tablets makes them particularly vulnerable to cyber blackmail, incitement to engage in risky behaviour, suggestion from adults with malicious intent and bullying.
It is highly recommended that you take action to protect their data and image, and monitor their use.
- Educate children about the risks
- Do not allow underage children to use social media (according to the terms and conditions, children must be 13 to use the networks, but children under 18 require consent from their legal guardians)
- Put in place strict parental controls and monitor children’s contacts and discussions
- Deactivate location sharing and set active accounts to private
- Install a parental control app
Install age-appropriate content controls on smartphones or tablets
- On Samsung mobiles, go to Settings, then Digital Wellbeing and Parental Controls
- On Apple mobiles, go to Settings, then Screen Time
Keep anything that could help to identify the perpetrator(s)
- Messages
- Screenshots
- Names and profile information
- Do not respond to provocation and do not engage in escalation on social media
Parents should pay close attention to changes in their child’s mental health
- Communicate
- Reassure
- Block accounts and report them to the relevant platform
Report incidents
- To the victim’s school if the perpetrator also attends the school
- To the Police Department
- Submit a complaint if the incident amounts to an offence (repeated incidents, threats, abuse, defamation, etc.)