Phishing

Phishing is one of the most widespread digital frauds. The attacker tries to trick the victim into taking an action against their interests. For example, revealing credentials and giving access to personal information, such as bank details; download malicious software or visit malicious websites.

Email is by far the most common way to receive phishing, but there is also phone phishing (vishing) and SMS phishing (smishing).

It is estimated that billions of phishing emails are sent every day. Phishing cases do not stop and become more sophisticated over time.

How can it be detected?

The attacker usually conveys a sense of urgency. With this, the victim tries to follow the instructions in the message without thinking.

Tips to prevent it

Although there are filters to remove these emails, they are not foolproof tools. They work well against large-scale phishing campaigns, but not against targeted attacks (spear phishing) or phone or SMS phishing. In the case of mail, the effectiveness of the filters is less when the phishing is sent from the account of a user who has been a victim and whose credentials have been stolen. This phishing spread to a victim's contacts is quite common.

Some tips to avoid becoming a victim:

Be suspicious of unsolicited messages that convey a sense of urgency or offer things for nothing.
Malicious mail can also come from someone you know, if your credentials have been stolen. You must also be aware and ask yourself if it is the usual type of message from this person.
Search for part of the text of the message in a search engine, to check if it is associated with any known phishing.
Contact the person by another means, to confirm the validity of the message.