Photo by Lorenzo Itza, shared and edited by Global Voices with his permission.

Currently, many Mayan speakers use cell phones to speak Yucatecan Maya, send audio files via WhatsApp, or watch videos on Facebook. Data plans focused on social media have been key to these tools’ popularity, while touchscreens and icons make them easier to learn. The increase in the number of affordable cell phones in Mayan communities along Mexico's Yucatán Peninsula has fueled a technological revolution — and with it, certain risks.

As an IT technologist who works with Mayan-speaking communities, I frequently hear people say, “My Facebook was hacked,” or “I got a virus.” When I ask what happened, I realize that the problem often stems from a lack of knowledge about digital security. These cases motivated me to write this article.

The internet is like a large, crowded plaza: would we tell just anyone our personal information, banking details, or home address? Yet, without realizing it, we often do this online. Privacy is something we must keep in mind when using social media or sharing information.

Mayan speakers who have experienced cyberattacks

Despite having basic computer skills, Bernardo Caamal, a Mayan agricultural and cultural promoter in the Yucatán Peninsula, has been the victim of digital fraud attempts.

Photo by Bernardo Caamal Itza, shared with his permission.

Caamal frequently receives emails asking him to “protect his account” or “prevent his email from being suspended.” These messages caused him concern, so he consulted an expert, who explained that they were attempts to steal his information. These emails seek to scare the recipient into clicking on links that appear legitimate, but are actually traps designed to steal passwords.

Caamal reflects:

Las cuentas son muy vulnerables, pues hay mucha información. De hecho, a mí me da miedo, ¿no? Porque aparecen nuestras fotos, aparecen momentos familiares, aparecen muchas cosas.

Accounts are very vulnerable, as there's so much information. In fact, it scares me. Because there are our photos, family moments, so many things.

On another occasion, one of his WhatsApp contacts asked him for money via bank transfer because he supposedly had an emergency. Caamal suspected it was fake and confirmed through another means that his contact had been hacked — someone had taken control of the account and was trying to scam his contacts.

Since then, he has protected his devices with PIN codes:

No me gusta eso de estar poniendo numeritos al celular o a la computadora, pero es parte de la protección a la información, porque, si roban mi computadora o mi celular, mis amigos y mi familia están muy expuestos al material que les pidan, el dinero, o mil cosas que suceda en el mal uso del equipo.

I don't like putting numbers on cell phones or computers, but it's part of protecting information, because if my computer or cell phone is stolen, my friends and family are very exposed to the material they ask for, the money, or a thousand other things that happen due to misuse of the equipment.

As a promoter, Caamal chooses to show his face and use his name in order to to build public trust and be transparent — but during the pandemic, he received extortion calls and threats on account of his work. Although we may think this only happens to public figures, what criminals value is our personal information, which we sometimes publish in public Facebook groups and social media accounts, and on our contact lists.

Avoiding other types of fraud

A culture of digital security is about developing good habits when using cell phones and the internet, and being aware of the dangers that exist, including account and bank card theft, and scams.

Although many social networks assure us that they use “end-to-end encryption,” that's not enough. This type of encryption protects messages in transit, but it doesn't prevent fraud where the victim unwittingly provides information. A common WhatsApp scam works this way. A criminal calls or texts, pretending to be from a delivery company. They ask for a code that is supposedly used to deliver a package; in reality, it allows the criminal to install the victim's WhatsApp account on their own cell phone, thereby stealing the account to access their data and scam their contacts. In such cases, it's best to check the status of the package's order on the company's official website and not share codes over the phone. If the call appears to be from a bank, go directly to your branch.

Although they may seem real, fake videos and images generated by artificial intelligence also circulate, with the goal of spreading false information (about politics, for example) or of luring people to fraudulent websites where they can steal data or infect devices with viruses. To protect ourselves, we should be alert to local media outlets reporting on scams and fake news, avoid clicking on tempting ads (like sweepstakes, prizes, free cars, or “miracle drugs”), and consult with experts before sharing our data or clicking on suspicious links.

In our communities, even though we don't have the technological infrastructure of cities, the internet has become essential for daily communication, which opens the door for those with malicious intent to take advantage of our lack of knowledge about digital risks. It is therefore important to share information, in our languages, about how to protect our data and prevent the theft of our email and social media accounts.

Strengthening the culture of digital security

There are several habits you can develop that will help keep you safe online. First, make sure to keep your devices’ operating systems up to date, including security patches and other improvements.

As a community, we also need to keep learning by consulting websites that teach us how to protect ourselves. (In the following section, we share some useful resources.) Speaking of websites, we need to verify that the ones we visit are safe. Most browsers will advise when a page is unsafe.

Finally, if you are knowledgeable about digital security, share strategies and tips with family, friends, and colleagues. This way, we will collectively be better equipped to protect ourselves and browse the internet safely.

Suggested resources

• • Luchadoras — A feminist collective that thrives both online and offline.
  • Derechos digitales — A human rights, technology, and public interest organization serving Latin America.
  • R3D — A network in defense of digital rights.
  • SocialTIC — A non-profit dedicated to research, training, support, and promotion of information and communication technology (ICT) for social purposes.
  • Internet Segura For Kids, IS4K — Internet Safety Center for minors in Spain; the Spanish National Cybersecurity Institute (INCIBE) shares information to raise awareness and assist with issues related to the safe and responsible use of the internet.
  • Oficina de Seguridad del Internauta — Educates people about good internet security habits, raises awareness of users’ own cybersecurity responsibilities, and helps minimize security incidents.
  • Security-in-a-Box — Tools and tactics for digital security.
  • Verificado — Media outlet specializing in fact-checking in the Mexican context.

Digital security terms you should know

• • 2FA (Two-Factor Authentication or Two-Step Verification) — A second way to log in to an account. In addition to entering a password or logging in through a social network or email, you will be asked for a code to verify that it's really you. This code is sent by the platform or website via a text message or an app.
  • Server — A computer connected to the internet whose function is to make pages and platforms accessible. When a page or platform doesn't work, it is often said that “the server is down.”
  • Encryption — A technology used to protect information by converting it into a format that cannot be read in the event of attempted information theft.
  • End-to-end encryption — Encryption that protects your information from the moment a message is sent until it is delivered. Should the message be intercepted, the attacker will not be able to read it because it is protected. This type of encryption prevents service providers from viewing the content stored on their servers.
  • End-to-end security — Encryption that protects information during transit. If the message is intercepted, it is protected, so the attacker will not be able to see it; however, the service provider will be able to read the information stored on its servers.
  • PIN — Numbers used to unlock apps, software, computers, or cell phones.
  • Biometrics — Fingerprints, iris scans, facial expressions, or voice scans that are used to unlock a cell phone or computer, used as alternatives to passwords or PINs. They can also be used to access banking and other apps.
  • Remote access — When someone controls a computer or cell phone from another location using software or an app. Remote access is used to provide technical support when people are not in the same space.
  • AI — An acronym for Artificial Intelligence. AI technology attempts to imitate human thought processes; it currently allows for the generation of images through descriptions, the cloning of human voices and creation of realistic videos, and the automation of tasks.
  • Antivirus — A program that scans computers or cell phones to find and remove malicious programs and prevent virus infections.
  • Phishing — When someone impersonates an individual, company, or organization to steal data (such as fake emails requesting payment).
  • Malware — Programs or apps created by cybercriminals that are installed without permission and seek to damage, spy on, or steal information stored on computers or cell phones.
  • Doxing — When personal information is published without permission in order to anger or encourage people to attack the person whose information was shared.
  • Vishing — A fake phone call made by scammers, in which they pretend to be someone close to them, such as family members or trusted friends.
  • Account takeover — When a cybercriminal obtains passwords or access to digital accounts like social media or email.

Digital Security in Latin America
This article is part of a four-part series analyzing digital security incidents in Latin America and offering recommendations for mitigating them. The series was made possible with support from the Rapid Response Fund of the Derechos Digitales organization.