Social networks have replaced email as the main means of scams in Spain, according to the 2025 Consumer Cybersecurity Report published by BitDefender and based on an independent survey of more than 7,000 people around the world.
The study analyzes the main Cybersecurity behaviors, practices and concerns of users globally, revealing important deficiencies that leave them exposed to threats such as malwareonline fraud, data theft or deception driven by artificial intelligence (AI). This year’s results underscore the dual role of AI: while it powers more advanced protections for users, it is also being used by cybercriminals to create more credible scams and manipulate public information.
“These results highlight the growing importance of cybersecurity awareness, especially as attacks on consumers become more frequent and sophisticated in the age of artificial intelligence.”says Ciprian Istrate, Senior Vice President of Operations at Bitdefender Consumer Solutions Group. The executive notes that his company uses AI to combat cybercrime, but threat actors are also using it to improve their attacks. “Strong passwords, good cookie management and trusted security solutions can make all the difference. Cybercriminals don’t rest, but awareness and the right tools empower users to defend themselves.”he emphasizes.
Cyber scams in Spain: main conclusions
- Social networks surpass email as the main channel for scams for the first time. Social networks are now the medium most used by cybercriminals, with 34% of cases, ahead of email (28%), phone calls (25%), SMS (24%) and online ads (21%). The generational differences are significant: people between 25 and 34 years old are more than twice as likely to fall for a scam through social networks (43%) than those over 55 (20%). In Spain, the platforms most used for this type of deception are WhatsApp, Instagram and TikTok, especially among young people between 25 and 34 years old.
- AI scams dominate consumer concerns. When asked about artificial intelligence, the main concern was its use in sophisticated scams such as deepfakes (37%), followed by job loss (30%) and misinformation (29%). In Spain, consumers rank misinformation as the second biggest threat after scams, a concern that has grown significantly compared to the previous year, in line with the rise of content generated by AI.” By age, almost half of those over 55 (46%) are concerned about AI scams, compared to just over a third of millennials (34%).
- Scams continue to seriously affect users. 14% of respondents (1 in 7) acknowledged having been a victim of a scam in the last year, and an additional 4% are unsure. With an estimated average loss of $545 per scam, this equates to more than $534,000 lost among study participants. The United States leads the number of victims (17%), followed by the United Kingdom (16%) and Australia (16%), while France has the lowest percentage (11%). In Spain, the percentage is similar to the average, with 14% of consumers claiming to have fallen for some type of online deception.
- Spain leads the use of mobile security solutions. Nearly half (48%) of global respondents do not use a third-party security solution on their phone, even though more than half make sensitive transactions such as online payments or purchases. They also do not adequately protect other devices: 58% do not use security solutions on their computers and 82% on their tablets. In contrast, Spain stands out as the European country with the highest adoption of mobile security, with 57.6% of users protecting their device.
- Consumers manage an average of five online accounts. Participants reported having an average of five online accounts, and almost two-thirds have at least three. 32.8% have between 3 and 5 accounts, and another 32.4% between 6 and 9, a slight reduction compared to 2024. The United Kingdom leads with more users managing 6 to 9 accounts (40%), while Spain (21.7%) and France (25.6%) present the lowest figures.
- Poor password practices continue to compromise security. More than a third (37%) of respondents still write down their passwords on paper, and 32% reuse the same password across multiple accounts. In Spain, the data are similar, although an improvement is observed in the use of password managers compared to the previous year, especially among younger users. Young people between 16 and 34 are more likely than those over 55 to reuse passwords on three or more accounts (20% versus 14%), and bad practices are more common among those who have been scammed (23%) than among those who have not (16%).
- Lack of cookie management puts privacy and security at risk. Almost half (48%) of respondents accept all cookies by default, while only 36% manage them manually and 16% reject them completely. 75% admit that they do not read—or barely review—the conditions before accepting them. Convenience is the main reason: 70% do it to quickly access content, while 25% show no concern about data tracking. This behavior exposes users to privacy and security risks, as cookies can allow profiling, data exploitation, or even session hijacking. This behavior is also common in Spain, where the majority of users prioritize speed of access over privacy management.
- Privacy and trust in technology. The report also highlights that more than one in five Spaniards (21%) want to keep their location private from big technology companies, and 59% avoid sharing their financial information online, showing greater privacy awareness than other European countries.
