Phishing is a method used to try to gather personal information using emails and spoof websites.


What is phishing?

The term phishing refers to the sending of emails that appear to come from a trusted source (such as banks, utilities, etc.) yet are really intended to trick the recipient into revealing confidential information. That's why it is always advisable to access Web pages by writing the address directly in the browser.


How does phishing work?

Most phishing attacks begin when the victim receives an email or message in which the sender purports to be a bank or another real company or organization in order to trick the recipient. The email contains links to websites prepared by the criminals -and with the appearance of a legitimate website- which asks the victim to enter personal data.

There is a link therefore between spam and phishing, as the fraudulent emails are often sent massively to increase the number of potential victims. Yet, even though email is still the most common method used by cybercriminals for this type of fraud, phishing can take advantage of other means of communication, including: SMS (sometimes dubbed 'smishing'), VoIP ('vishing') or instant messaging on social networks.

Cybercriminals also use certain social engineering tricks to alarm recipients, with warnings and emergency alerts to spur victims into action. The idea is to get users to act immediately without stopping to consider potential risks.


How to identify a phishing message

  • It is unusual for companies -whether they are banks or utilities- to ask for personal data via email. The simple fact that a message like this appears should raise your suspicions.
  • It is not always easy to recognize phishing messages by their appearance. However, producing a good replica of a company's format requires time and effort that criminals are often not prepared to invest. Errors, typos and spelling mistakes are frequently a giveaway. Also, check the address of the sender.
  • Take care with the operations you carry out from your smartphone. The popularity of these devices has seen many users use them for all types of tasks. Criminals know this and try to take advantage of the lesser visibility of small screens and weaker general security.


How to protect against phishing

  • After reading the email don't click on any links. Make any checks in the personal area of the corresponding website, accessing directly by entering the address in your browser.
  • Improve the security of your computer. Common sense and good judgment are vital to keeping your system protected, but you should always have the latest updates to your operating system and browser.
  • Ideally, you should also have an additional security layer with a professional antivirus.
  • Only enter confidential information in secure websites. To check that a site is secure, the first step -though not the only one - is that the address begins with "https://", meaning that the transfer protocol is secure, and a closed padlock symbol should appear in the browser.
  • Check your accounts frequently. It's always worth checking bills and bank accounts from time to time to see if there are any strange transactions.
  • If you are not sure, don't take chances. The best advice with phishing is to encourage caution among all members of your organization. Check the authenticity of any content if you have any suspicions whatsoever.