Information Security

We recommend that you take certain precautions before providing information over the internet. You must ensure that you provide these details securely. Check out our advice and make sure you are using without putting your data security at risk.

It’s best to think of passwords as if they were keys. Do not use the same password for several accounts or services. If they gain access to one, they can then access all your accounts. Try to use a "strong" password (one that is difficult to decipher) by combining upper and lower-case letters, numbers and special characters (if permitted). The longer your password is the better. Avoid the use of personal information, dictionary words and consecutive numbers.

Iberia Express will never request your personal information or log-in details by email.

"Phishing" is a common type of internet fraud and consists of sending emails that claim to be from major companies such as banks, financial institutions or companies where payments and online purchases are made. These e-mails offer apparent promotions or benefits in the name of the company for the purposes of committing crimes such as identity theft and withdrawal of money, among others. They include a link which takes the user to a website, in theory a well-known one, but is really a false copy of the original. The purpose is to obtain confidential information from the user (log-in details, credit card details, etc.), by transferring them to a data base when entered by the user on the false website, for later use on the real website by the attackers.

To avoid falling victim to this type of fraud, we recommend:

  • Verifying the source of information. Do not automatically respond to any email requesting personal or financial information.
  • Not clicking on any hyperlinks or links included in an email that may conceal the fact that they are directing you to a fraudulent site. Type the web address directly into the address bar on your browser or use Bookmarks/Favourites if you want quicker access.
  • Ensuring that the website you've entered is a secure address. If it is, it should start with https:// and a small padlock icon should appear in the browser status bar.
  • Bear in mind that competent service providers do not send messages addressed to "Dear customer," with no personalization (they will know who you are). Do not be fooled by the fact that the message includes meaningless reference numbers that cannot be verified.
  • Remembering some basic precautions such as hovering the cursor over the links to see the real address.

If you receive any form of communication, which seems suspicious, regarding a booking you've never made or that contains a booking reference that does not coincide with the one you received from us while booking, please delete it and, should you require further support or assistance, please contact our Customer Service Centre to clarify any doubt or query.

If you've received an email of this nature and suspect you have entered your details on a fraudulent website, we recommend you to change the password associated with your Iberia Express account on immediately and of any other accounts where you use the same password. Once again, we strongly recommend you to use different passwords for different services.

Pay close attention to the website's URL when making purchases online. Remember that there are fraudulent websites that look entirely real. Check it accurately!

When making payments online, only use secure connections “https://” and make sure the green padlock icon appears when you are providing personal information or payment details. Online payments of any kind should only be carried out through encrypted pages. The encryption certificate also includes a control to allow it to determine if the website is real or not. We recommend that you enter “https” in place of “http” in the address bar and check for the green padlock icon.

At, once data is provided, https pages are used.

Ensure that you have installed an anti-virus protection programme on your computer and that it is up to date. In addition to protecting against viruses, the program should ideally feature protection against malware (malicious software). More and more anti-virus programmes include these two features as standard, but it is recommendable that you make sure that the programme is as comprehensive as possible.

We also advise you to keep your operating system up to date, as updates include protection against the latest security threats, to protect your computer with a password (one that only you know) and to install a personal firewall for further protection.

If it seems too good to be true, it probably is and more likely still, it’s a scam.

Scams can take many forms. They can pop up on social media, appear in emails and also via telephone calls.

If you are being tempted with an offer, service or prize, especially one you have to make any payment or provide personal information in order to secure, be extremely wary.

Often, you will be told that the offer is only available for a limited period of time, even instantly, forcing you into making an immediate decision.


Public WiFi access points can be extremely useful but are not always safe.

Many access points do not encrypt the information sent through the WiFi network and for this reason they may be intercepted by another person.

Never log in to sites that do not appear legitimate. Ensure that the site is fully encrypted.

Always access networks that show the padlock icon. When you have finished using a connection, always remember to log out and disconnect from the WiFi network.

Mobile devices are essentially small computers. As with a computer, make sure you install anti-virus software to protect your device from "malware" (malicious software) and keep it secure by using a password or PIN code. Also, be sure to keep your devices updated!

If your phone is stolen, you can block it through your operator provided you have the IMEI code. Make a note of this number, in case you ever need to have it to hand.

The IMEI is a unique 15 to 17-digit number that allows any mobile handset associated with a GSM or UMTS network to be uniquely identified. It does not change during the life of the phone. In order for a phone to be blocked, you must send your IMEI code, along with a written request, to your operator so they can block the phone.

This identification code is usually printed on a sticker under the mobile phone’s battery, but it can also be obtained by dialling the combination *#06#. The IMEI number will then appear on the screen to uniquely identity the mobile phone you are using.

Treat your personal data as if it were money in cash.

Do not give personal information to just anyone. If you decide to do so, make sure you have read the legal terms of the website where you intend to enter your data. This way you will know exactly how your data is going to be used and who will be able to access it.

As a general rule, remember to only provide your information on encrypted and trustworthy websites. Make sure to look out for "https" at the start of the web address.