The term phishing is used in computing to refer to a crime carried out by assuming someone else's identity. Through this fraudulent action, a criminal obtains confidential data and exploits it to their own advantage.
Phishing can give the criminal access to bank account or credit card numbers, for example. With this data in their possession, the criminal is in a position to steal money from the victim's accounts or use those funds to make purchases without the legitimate owner noticing.
Phishing is often done through an email that appears to come from a trusted source (a company, a government office, a close friend of the victim, etc.), when in fact it is a fake message. These emails usually contain a link to a site where the deceived recipient enters their personal information and unknowingly provides it to the criminal.
Another possibility is that the individual reaches a fraudulent website by another route, such as an instant message or even a search engine. On the surface, the site appears to belong to a company or government agency, but it is nothing more than a front for data theft.
Since phishing is usually carried out using a trusted name and even a trusted image (such as a company logo), and the sender field is filled in with real details of the person being impersonated (the name of an employee or an Internet address very similar to the original, for example), it is very difficult to detect these types of attacks with the naked eye. However, there are certain details that give them away in most cases.
To avoid phishing, therefore, these details must be taken into account every time we decide to read an email message or click on a link. The first one worth mentioning is that companies do not request personal information via email, especially banks or other entities where our money is at stake. So we should never reply to messages that we have not specifically requested, or click on their links.
In which cases might we have requested a message with a link? For example, when we want to recover or change our password: the normal thing is to receive a link that directs us to a form where we can enter a new password. Something similar occurs when we register on a site that requires confirmation of our email address. But apart from these two situations and any very similar one, we should be suspicious of any message that forces us to interact with its elements.
Another recommended practice to avoid phishing is to be suspicious of attachments that reach us without our having requested them or without the sender having told us in advance that they would send them. If a co-worker tells us that we will receive a scanned document by email during the day, we should not be suspicious; but if such a message arrives spontaneously without prior notice, the best we can do is contact the sender and ask them to confirm that they really sent it. Of course, we shouldn't use the "reply" function, but write a new and independent message, or use another messaging program.
Those who have been victims of phishing know that criminals sometimes try to appeal to our emotions by using sad stories or by promising us rewards if we follow their instructions. They can also try to make us believe that our security is in danger.
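
The sender-address giveaway described above (an Internet address too similar to the original) can be checked mechanically, as can the related case of a link whose visible text names one site while it leads to another. This is an added example, not part of the original article, and the second check goes slightly beyond what the text states. The trusted-domain list, the sample message and all function names are assumptions made up for the illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: domains the recipient really deals with (constructed for this example).
TRUSTED = ("examplebank.com", "example.org")

# Constructed sample message; every name and address in it is made up.
SAMPLE = """\
From: "Example Bank Support" <support@examp1ebank.com>
To: user@example.org
Subject: Verify your account
Content-Type: text/html

<p>Your account is locked. Confirm your details at
<a href="http://login.example.net/verify">https://www.examplebank.com/login</a></p>
"""

def edit_distance(a, b):
    """Levenshtein distance, two-row dynamic programming."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(text):
    """Host of a URL or bare hostname, lowercased, without a leading 'www.'."""
    text = text.strip()
    host = urlparse(text if "://" in text else "//" + text).hostname or ""
    return host[4:] if host.startswith("www.") else host

def findings(raw):
    """Return a list of human-readable warnings for one raw message."""
    msg = message_from_string(raw)
    out = []
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for good in TRUSTED:
        # Close to a trusted domain but not equal: the "too similar" address.
        if sender != good and edit_distance(sender, good) <= 2:
            out.append(f"sender domain {sender} resembles {good}")
    for href, label in re.findall(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', msg.get_payload(), re.S | re.I):
        shown = host_of(label) if "." in label and " " not in label.strip() else ""
        if shown and shown != host_of(href):
            out.append(f"link shows {shown} but goes to {host_of(href)}")
    return out
```

Calling `findings(SAMPLE)` reports both the look-alike sender domain and the mismatched link; a message sent from the genuine domain with a matching link produces an empty list.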