Information Security

We recommend that you take certain precautions before providing information on the internet. You must ensure you provide details safely. Check out our advice and make sure you're using without putting your data security at risk.

Think about passwords as if they were keys. Do not use the same password for several accounts or services; if it's stolen they can access all your accounts.Try to use a "strong" password (difficult to decipher) by combining upper and lower-case letters, numbers and special characters (if permitted). The longer your password is, the better.

Avoid the use of personal information, dictionary words and consecutive numbers.

Iberia Express will never request your personal information or log-in details by email.

"Phishing" is a common type of internet fraud and consists of sending emails that claim to be from major companies such as banks, financial institutions or companies where payments and online purchases are made, etc. These e-mails offer apparent promotions or benefits in the name of the company for the purposes of committing crimes such as identity theft and withdrawal of money, among others. They include a link which takes the user to a website, in theory a well-known one, but which is really a false copy of the original. The purpose is to obtain confidential information from the user (log-in details, credit card details, etc.), by capturing them to a data base when entered by the user on the false website, for later use on the real website on the part of the attackers.

To avoid falling victim to this type of fraud, we recommend:

  • Verifying the source of information. Do not automatically respond to any email requesting personal or financial information.
  • Do not click on any hyperlinks or links included in the email. That may conceal the fact that they are directing you to a fraudulent site. Type directly the web address in your browser or use Bookmarks/Favourites if you want to access quickly.
  • Ensure that website you've entered is a secure address. For that, it should start with https:// and a small padlock icon should appear in the browser status bar.
  • Bear in mind that competent service providers do not send messages addressed to "Dear customer," with no personalization (it is common that they indicate that, in reality, they know who you are). Do not be fooled by the fact that the message includes meaningless reference numbers that cannot be verified.
  • Nor should you forget to apply basic precautions such as hovering the cursor over the links to see the real address.

If you receive any communication of which you are in any way suspicious regarding a booking you've never made, or that contains a booking reference that does not coincide with the one you received from us during the purchase process, or any other message that seems strange to you, please delete it and, if you wish to, contact our Customer Service Centre to clarify any doubt or query.

If you've received an email of this nature and you have entered your details on a fraudulent page, we recommend that you immediately change the password of your Iberia Express account on and of any other accounts where you use the same password. On this issue, again, we recommend that you use different passwords for different services.

Pay attention to the website's URL. There are fraudulent websites that look entirely real. Check it accurately!

When making payments online, only use secure connections (https: // ...). Make sure the green padlock icon appears when you are providing personal data or payment details.

Online payments of any kind should be exclusively carried out through encrypted pages. According to the signature, the encryption certificate also includes a control to know if the website is real. We recommend that you enter https in place of http in the address bar and check for the padlock icon which should appear green in colour.

At, once data is provided, https pages are used.

Ensure that you have installed an anti-virus protection programme and that it is up to date. Ideally, in addition to protecting against viruses, the program should feature protection against malware (malicious software). More and more anti-virus programmes include these two features as standard, but it is recommended that you make sure that the programme we choose fulfils everything.

Maintain your operating system up to date, as updates include protection against the latest security threats.

Protect your computer with a password and keep it secret.

We also recommend that you install a personal firewall on your computer.

If it seems too good to be true, then it probably is and it's probably a scam.

Scams take many forms, by social media, email, telephone calls, etc.

You should be suspicious if they are offering you an offer, service or prize, especially if you have to make any payment or provide personal information.

Often, offers are only available for a limited period of time, even instantly, obliging the person to make an immediate decision.


Public WiFi access points can be very useful but are not always safe.

Many access points do not encrypt information sent through the WiFi network, and for this reason they may be intercepted by another person.

Never log in to sites that do not appear legitimate. Ensure that the site is fully encrypted.

Always access networks that show the padlock icon. When you have finished using a connection, remember to always log out, disconnecting from the WiFi network.

Mobile devices are essentially small computers.

Install an anti-virus software to protect your device from "malware" (malicious software)

Protect your mobile using a password or PIN code

Keep your devices updated

If your phone is stolen, you can block it through the operator if you have the IMEI code. Keep this information at hand in case you have to make use of it some day.

The IMEI is a unique 15 to 17-digit number that allows you to unequivocally identify any mobile handset associated with a GSM or UMTS network and it does not change during the life of the phone. Among other things it allows for mobile phones to be blocked in the event of robbery, leaving them non-functioning. All we have to do is simply give notification of the IMEI code in the written report provided to authorities, so that the operator can block the phone.

This identification code is usually printed on a sticker under the battery of the mobile phone, but it can also be obtained by dialling the combination *#06#, which will allow you to see the IMEI using your own mobile phone.

Treat your personal data as cash money.

Do not give personal information to just anyone. If you decide to do so, make sure you have read the legal terms of the website in which you are going to enter the data, so that you know exactly how these will be used and who will be able to access them.

Only provide your information to encrypted and trustworthy websites (look out for "https" at the start of the web address).