Information security policy

We recognize the importance of the security, privacy and confidentiality of your personal information.

<p> </p>
<div class="cms-button block" data-block-name="cms-button" data-block-status="loaded">
  <div class="cms-button-content">
    <div class="cms-button-container w-full">
<style>
  .cms-button .cms-rich-text-external-icon {
    display: none !important;
  }
</style>
      <a href="/en/about-us/contact-us" target="_blank" data-button="true" data-external="false" class="group relative z-2 cursor-pointer inline-flex justify-center align-center items-center transition-all rounded-[32px] border border-[2px] px-6 gap-2 h-12 bg-background-brand-primary-default border-transparent outline-none focus:outline-none focus-visible:outline-none focus-visible:ring-0 focus-visible:ring-offset-0 focus-visible:shadow-none active:outline-none active:ring-0 active:shadow-none hover:bg-background-brand-primary-hover hover:border-transparent active:bg-background-brand-primary-active active:border-transparent group/cms-button" title="Contact us" style="text-decoration: none; --button-border-active: transparent; --button-border-focus: transparent;">
        <div class="absolute transition-all max-w-full max-h-full w-full h-full outline rounded-[32px] outline-offset-[-4px] z-1 outline-2 group-focus-visible:outline-border-stroke-focus group-focus-visible:outline-offset-[4px] hidden group-focus-visible:block"></div>
        <span class="text-center flex justify-start align-center text-xl font-bold text-text-brand-primary group-hover:text-text-brand-primary">
          <div class="flex items-center justify-center gap-[12px]">Contact us</div>
        </span>
      </a>
    </div>
  </div>
</div>

woman sitting and looking at a computer

General notice

We are committed to the confidentiality, integrity and availability of information in all the activities we carry out to secure the information of our customers, flyers, users, human talent, suppliers and shareholders through the Information Security Management System and the Corporate Information Security Policy

multiple
none
Information Security Management System Policy
false
<p style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5; margin-bottom: 16px;">
  Establishes the commitment of Aerovías del Continente Americano S.A. Avianca, Avianca Ecuador S.A., Avianca Costa Rica S.A., Aviateca S.A., Regional Express Américas S.A.S., and Taca International Airlines S.A. to information security management through:
</p>

<ul style="padding-left: 24px; margin: 16px 0;">
  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Implementing international standards, legal and organizational requirements, and information security controls that enable the management of risks affecting the confidentiality, integrity, availability, and privacy of information, while ensuring compliance with information security objectives.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Promoting a culture of information security and continuous improvement among collaborators (direct and subcontracted) and related third parties (suppliers and contractors).
  </li>
</ul>

<p style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5; margin-bottom: 16px;">
  The objectives of the Information Security Management System are:
</p>

<ul style="padding-left: 24px; margin: 16px 0;">
  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    <strong>Information protection:</strong> Strengthen the protection of the organization’s information by considering risks, security, compliance, and the continuity of processes and technology.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    <strong>Identity and access management:</strong> Optimize access management times for critical systems.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    <strong>Business continuity:</strong> Strengthen the organization’s business continuity program and disaster recovery plan.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    <strong>Vulnerability management:</strong> Ensure compliance with the vulnerability management policy to protect the organization’s systems.
  </li>
</ul>
Corporate Information Security and Cybersecurity Policy
true

1. PURPOSE AND SCOPE

<br>

1.1 Purpose
This policy seeks to establish the information security and cybersecurity guidelines required for the protection of the information of Investment Vehicle 1 Limited (the “Company”) and any of its subsidiaries (with the Company the “Organization”), against situations that may affect the Confidentiality, Integrity and Availability (as defined below) of the information of the Organization and that may cause financial, legal, competitive and/or reputational impact on the Organization (the “Policy”).

<br>

1.2 Scope

The scope includes all the information and valuable resources (Information and Communications Technologies -ICTs-, Facilities, and Operational Technologies -OTs-) associated to or that belongs to the Organization or that is managed by third parties (suppliers and contractors), regardless of the format, medium, in all its forms (digital, handwritten, spoken, printed), presentation and/or place where it is located, including cyberspace.

<br>

2. RESPONSABILITIES

The Risk and Information Compliance Department, is the area responsible for formulating the Policy, disclosing it, reviewing it at least once a year and keeping it updated; monitoring that it is complied with, in accordance with the mission and vision of the Organization, and compliance with the regulations applicable to the Organization, reporting to the Audit Committee of the Company (the "Audit Committee") the relevant matters on information security and cybersecurity.

In the governance of Information Security and Cybersecurity, different instances participate in all the companies described in the scope which have the following responsibilities:

<br>

2.1. Policy approval

The Audit Committee is responsible for ratifying this policy and its updates, monitoring the information risk profile, promoting the culture of information security and cybersecurity, encouraging compliance with its guidelines, allocating resources for compliance, as well as generally monitoring compliance with this Policy.

The Risk and Information Compliance Department has the authority to manage the review of the Policy and its submission to the Audit Committee for its ratification.

<br>

2.2. Information Risk and Compliance Department functions

<br>

 <ul style="padding-left: 24px; margin: 16px 0;">

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Define the scope of the Information Security and Cybersecurity Program aimed at protecting the confidentiality, integrity, and availability of the Organization’s information, ensuring regulatory compliance and implementing industry-recognized best practices and methodologies.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    To promote the effective management of cyber and information security risks, through the identification, analysis, evaluation, and treatment of these risks.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Define processes for the permanent updating of new developments in the regulatory frameworks related to Information Security and Cybersecurity.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
  Support the response to information security and cybersecurity alerts and incidents identified by employees, related third parties and derived from the monitoring done through the information security management platforms that affect the processes, technological resources and systems of the Organization.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
  Define a technology recovery management program to ensure the availability and continuity of critical business functions or process in the event of interruptions.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    With the support of the Legal Department, monitor compliance with applicable laws and regulations related to Information Security and Cybersecurity.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
  Monitor compliance with the Information Security and Cybersecurity program and management system, in accordance with the Organization's mission and vision, and compliance with the regulations applicable to each of its companies.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Through the Legal Department, establish and maintain relationships with authorities, special-interest groups, and other relevant stakeholders in information security and cybersecurity.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
 Support the Organization in actions for the implementation of measures or controls for compliance with this policy.
  </li>

</ul>

2.3. The Organization, its officers, directors, employees (direct or outsourced) and related third parties (suppliers and contractors) who have access to the Organization's information, whether on a regular or occasional basis, in the performance of their duties, are responsible for:

<br>
<ul style="padding-left: 24px; margin: 16px 0;">

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    The knowledge and compliance with this Policy, and the related manuals, procedures, or instructions at the end of the document.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    The implementation of the Policy along with any manual, procedure or instruction established for the implementation of it.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Assuming the risk management of handling the Organization’s information and the implementation of pertinent actions for its mitigation.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Considering information security and cybersecurity requirements in its processes, initiatives, projects and contracting.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Identifying and reporting to the Information Risk and Compliance Department potential events or incidents that threaten or might have the ability to risk compliance with information security policies and/or procedures.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Follow up on the level of compliance with applicable laws and regulations on information security and cybersecurity.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Using the Organization´s technological resources or information responsibly, in environments or applications approved by the CIO (including those associated with AI) and only for authorized purposes.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Identification and reporting alert the Information Risk and Compliance Department of current and emerging cyber threats and cyber risks that may affect the Organization.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Complying with the Organization's practices for the protected and secure use of authentication information or authentication tools (passwords, access codes, MFA, passwordless).
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Manage digital identities and assign minimum privileges for access to information in its various media and in accordance with responsibilities; as well as request the deletion of digital identities and accesses when they are no longer necessary and in a timely manner.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Process leaders must ensure that processes comply with the principle of Segregation of Duties, in order to minimize the risk of concentrating critical responsibilities in a single person.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Definition of operational or technological contingency plans necessary to maintain the continuity of the company's critical processes or services. These must be tested periodically to ensure they remain effective.
  </li>

</ul>

<br>

3. CONTENT

<br>

General and specific aspects of the Policy.

<br>

3.1 The Organization recognizes that information is an indispensable input for the execution of processes, decision making in the development of business objectives and for the design and definition of the products and services that constitute the differentiating factor of what we are to our customers, collaborators and associates. It also recognizes the importance of preventing information security and cybersecurity risks throughout their lifecycle; such protection is framed by 3 properties:

<br>
<ul style="padding-left: 24px; margin: 16px 0;">

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    <strong>Confidentiality:</strong> The information must not be made available or disclosed to unauthorized individuals, entities or unauthorized processes
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    <strong>Integrity:</strong> The accuracy, reliability, and completeness of information must be preserved.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    <strong>Availability:</strong> The information must be accessible and usable when requested by an authorized individual, area or process, and at the time it is required.
  </li>

</ul>
<br>

3.2 The information and valuable resources associated with the information that the Organization uses for the development of its business objectives must be identified; the information and other associated resources must have a responsible person assigned to them, who must make the decisions that are pertinent for their protection, in accordance with the internal requirements and regulations applicable to each company.

<br>

3.3 All information, regardless of the medium in which it is found or the location from which it is accessed, must be classified to establish its sensitivity (the level of reserve that must be maintained on its content) and its criticality (the level of availability required so that business operations are not interrupted). It is the responsibility of the members of the Organization to know the classification of the information they use for the development of their activities; and of those responsible for the processes to define the controls to protect the information according to the classification handled by each Company that is part of the Organization.

<br>

3.4 he Organization identifies as confidential or privileged information, the following information, among other, as the definition of confidential information must be made on case by case basis:

<br>

<ul style="padding-left: 24px; margin: 16px 0;">

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Stock exchange shares, strategic and financial information, information on strategic alliances, reports on projections, results and/or financial disclosures.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Information related to clients, collaborators, shareholders, related third parties, contractors, suppliers, travelers, users, investors.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Insider information for important and confidential company events.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Material non-public information. These are some examples, merger information, strategic projects, disposal, change in dividend policy, business partner information, shareholders information, among other.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Business information that the organization is obligated to protect, patents, inventions, commercial agreements, contracts, software development source code or other information that has the potential to provide competitive advantage.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Practices to optimize revenues, prices, net fares.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Information on the operation and its associated processes.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Security reporting, risk, compliance, internal and external audit, operational incidents, information security and cybersecurity incidents, investigations, and legal matters regarding any of the above.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Reports from or to regulatory agencies regarding confidential information.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Keys, pins, passwords, or information for user corporate networks and/or applications.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Information subject to personal data protection laws (including payment card data) in the various jurisdictions where the Organization is located or develops its business.
  </li>

</ul>

<br>

<p>
  The aforementioned information, and any other that is considered due to its classification as confidential or privilege information may not be used for the personal benefit of any administrator, collaborator or third party that has access to, or for any purpose other than that originally intended for such information.
</p>

<br>

3.5 It is the duty of all those responsible for processes, project or initiative leaders and contract managers to ensure that information risks are identified, analyzed, evaluated, treated and monitored, in accordance with the procedures of the Information Risk and Compliance Department, ensuring that the corresponding risks are kept within the risk levels acceptable to the Organization as stipulated in the following link: MA_AVSG04_054 INFORMATION RISK MANAGEMENT MANUAL.

<br>

3.6 Information resources such as: equipment, business applications, Internet services, Intranet, collaborative tools (e-mail, chat, cloud storage), among others, are provided to all employees of the Organization for the exclusive use of the Organization. Access to and use of these resources must be authorized by the person responsible for each resource and in accordance with the responsibilities of his or her function. Information resources must be returned immediately to the administrator when they are no longer needed.

<br>

3.7 The Organization must ensure that its employees, any officer, manager or any person in charge of information management processes implement information security measures such as, but not limited to: checks and investigations on personal references, work references, work experience, complementary tests, security survey, aptitude and knowledge test, in a manner that supports security policies and in compliance with local regulations.

<br>

3.8 All employees and related third parties undertake to handle the confidentiality of the Organization's information regardless of whether they have signed a confidentiality agreement at the time they join the Organization and are responsible for the confidentiality of the information even after the end of their relationship with the Organization.

<br>

3.9 The Organization shall have a permanent information security and cybersecurity culture program to keep all its personnel informed about policies, information security responsibilities and the continuous threats that put the information it manages and/or processes at risk.

<br>

3.10 Those responsible for contracts and contracting should ensure that the information security responsibilities of third parties and their supply chain who access, process, store or distribute information of value to the Organization are documented in contracts or other service delivery agreements and should monitor compliance throughout the completeness of the term of the contractual relationship.

<br>

3.11 It is the duty of all The Organization and related third parties to report any suspicion, abnormal condition or violation of the policies, responsibilities and procedures of information security and cybersecurity that threaten the Confidentiality, Integrity and Availability of The Organization's information immediately through the channels established by the Organization.

<br>

In the event that the situations described above affect or have the possibility of affecting or having any economical, material, reputational, legal or operational impact for the Organization, they must be reported immediately to the Information Risk and Compliance Department through the channels established by the latter.

<br>

The Information Risk and Compliance Department shall evaluate the incident reports and determine whether they meet the materiality criteria, in which case it shall inform the Investor Relations Department so that it complies with the Policy on Disclosure of Relevant Financial and Non-Financial Information to Shareholders, Market, Stakeholders and Interested Third Parties.

<br>

3.12 The Organization has the responsibility of implementing guidelines and technical measures for the protection of information that is stored, processed, or transmitted; according to its classification and considering, but not limited to:

<br>

<ul style="padding-left: 24px; margin: 16px 0;">

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Information risk management.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Identification and classification of information assets.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Controls for secure data storage and transfer.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Protection against threats such as malware and other potential cyberattacks.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Digital identity management and access control for information, applications, infrastructure, and networks.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Security management for corporate and personal mobile devices and laptops used to provide services to the Organization.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
   Proper use of resources allocated by the organization (internet, corporate technology devices, collaborative sites: SharePoint, OneDrive, Teams, email, others.).
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Network and telecommunications security.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
   Security in the acquisition, development and maintenance of technological resources (including systems and processing environments, and management of technological obsolescence).
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Removable storage media management.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Security of internal personnel and third parties.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Technical vulnerability management.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Cloud security.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Management of security logs, events, and incidents.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Physical and environmental security of data processing centers.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Controls for software installation, development, and storage.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Continuity management, information backup and recovery of technological platforms in case of disasters.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Remote or off-site work.
  </li>

  <li style="font-size: clamp(0.875rem, 0.36vw + 0.765rem, 1rem) !important; line-height: 1.5;">
    Responsible use and development of artificial intelligence (AI) technologies.
  </li>

</ul>

<br>

3.13 The Information Risk Department may carry out monitoring activities in any Company of the Organization, on an exclusive basis, to determine the level of compliance with the guidelines established in this Policy. Including third parties and subcontracted companies that provide management, monitoring, and administration services for Investment Vehicle 1 Limited technology platforms.

<br>

Current legal regulation applicable to the policy.

<br>

3.14 The Organization, its Board of Directors and its executive group must commit to the compliance with the information security requirements established in its internal security policies, as well as those requested by the applicable laws and regulations, such as and without limitation: SOX (Sarbanes-Oxley Act), PCI DSS (Payment Card Industry Data Security Standards), international personal data protection laws, aviation sector regulations, industry or contractual agreements, licensing, intellectual property and others related to information security and cybersecurity.

<br>

3.15 In case of non-compliance with the established or subsequent security policy and/or procedures, the Organization will take the appropriate legal, administrative and/or disciplinary actions, in accordance with the provisions of the internal regulations of each of its companies and/or the applicable international and/or local information security, cybersecurity and personal data protection laws and regulations.

<br>

Effective date of the Policy

<br>

3.16 This Policy is effective from the moment of its publication and is understood to be in force indefinitely unless it is modified or update in accordance with changes in the organizational environment, business circumstances and/or legal conditions. Regarding third parties where the approval of a corporate body is required for its adoption or the consent of a third party, the policy will come into effect when the respective authorizations are obtained.
<br>

Prevalence

<br>

3.17 In case of conflict between the Board Protocol, the Investment Agreement and this Policy, the following will be the order of precedence of the documents: (i) the Investment Agreement, (ii) the Board Protocol, (iii) this Policy.

<br>

Cybersecurity tips

Your information has value, be prepared to face any risk situation that puts your data at risk. Learn how to browse safely:

horizontal
lazy
Recognize any threats
Recognize any threats
Try to use personal computers and be very cautious when browsing. If you have any questions, do not enter or provide your information.
none
Learn to protect your data
Learn to protect your data
Avoid using public wifi networks, use strong passwords with two-factor authentication to safeguard your information from cyber threats.
none

Phishing attacks

Cyberattack used to obtain confidential information by deceiving users through false digital platforms or impersonating identities

vertical
lazy
What is phishing?
What is phishing?
It is a form of cyberattack that seeks to obtain confidential information from individuals, such as passwords, credit card numbers, or other personal information.
none
How to recognize it?
How to recognize it?
If you receive any notification requesting your bank details to make an update, claim a refund, or verify a payment, doubt it immediately! You could be facing a phishing attempt.
none
vertical
lazy
How to protect yourself?
How to protect yourself?
Before clicking any link, verify that the email sender is real, that the website has a secure connection by identifying the padlock and that its address begins with https://
none
How to avoid it?
How to avoid it?
Do not give out personal or financial information through unofficial or unverified digital channels. Confirm the notification by calling the hotlines and ensure its veracity.
none

Scams on social networks

This cyberattack usually uses strategies to get you to make transfers or hand over credit card information and passwords in the name of avianca

horizontal
lazy
Websites that resemble those of avianca (Facebook, Instagram or X) and send links through publications or chats offering false promotions and giveaways so that you can provide confidential information.
none
False job offers in the name of avianca with the aim of requesting unauthorized money transfers. Remember that our jobs are published on official channels and on the website in the "Work with us" section.
none

Be careful!

Doubt all messages or publications on pages in the name of avianca that request confidential information

vertical
lazy
How to recognize it?
How to recognize it?
If you receive a direct message on social media or see a suspicious post asking for a quick transfer or your payment information, it’s a scam!
none
How to protect yourself?
How to protect yourself?
Do not have any interaction without first verifying that they are indeed the official and verified social media accounts of avianca.
none
How to avoid it?
How to avoid it?
Do not provide any information or make any bank transfer without verifying the information on our official social media channels or on our website.
none
Have questions? Chat with us through the Vianca Chat
#fff1f7
#1b1b1b
#ff3093
self
#f8f7f4
top
scroll
cover
true