What is phishing?

Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a victim into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware.

How does phishing work?

At the beginning, victim receives an email or message where the sender pretends to be a bank or another real company or organization. The email contains links to fake website prepared by the criminals (with the appearance of a legitimate website) which asks the victim to enter personal data.

Phishing can be made via other means of communication, including: SMS (sometimes dubbed 'smishing'), VoIP ('vishing') or instant messaging on social networks.

Cybercriminals also try to alarm recipients, with warnings and emergency alerts to stir victims into action. The idea is to get users to act immediately without considering potential risks.

How to identify a phishing message
  • First of all, remember, banks or other legitimate utilities will never ask you for personal data via email.
  • Look for errors, typos and spelling mistakes on fake website.
  • Check the address of the sender.
  • Take care with the operations you carry out from your smartphone. Criminals try to take advantage of the lesser visibility of small screens and weaker general security.
How to protect against phishing
  • Don't click on any links.
  • Improve the security of your computer.
  • It is necessary to have an additional security layer with a professional antivirus.
  • Enter confidential information in secure websites only - the address begins with "https://", meaning that the transfer protocol is secure, and a closed padlock symbol should appear in the browser.
  • Check your accounts frequently. It's always worth checking bills and bank accounts from time to time to see if there are any strange transactions.
  • If you are not sure, don't take chances. The best advice with phishing is to encourage caution among all members of your organization. Check the authenticity of any content if you have any suspicions whatsoever.