Thursday, March 28

Phishing: What is it and how to avoid it?


We have all received a email or SMS from a bank or a service company or similar in which we are ordered to enter a link that is provided to us and we are asked to verify personal data, bank details or passwords.

At first sight look like trustworthy emails or messagesbut these are fake web pages that mimic real pages.

impersonate identity

Phishing is a computer technology which consists of supplanting the identity of a bank or a company to obtain personal data from users.

How can they be detected? There are several ways to identify a phishing attempt, but be vigilant, because cybercriminals invent new formulas almost daily to get some unsuspecting person to bite and be able to steal any data with which to impersonate their identity.

  1. From address: there are strange or untrustworthy email addresses. If this is the case, it is better to distrust or contact directly the company that supposedly sends the email.

  2. Non-personalized greeting: If they address you without using your name and they also do not distinguish your gender (that is, it is a generic greeting), it is likely that it is a phishing attempt.

  3. Request for personal information: companies or banks do not usually request personal data through emails or messages.

  4. Urgency: If companies order you to give personal data and warn you that your account will be suspended or give you a short period of time to provide it, it is probably phishing.

  5. Threats: As with urgency, companies do not usually threaten to deactivate accounts either. If it happens, it’s suspicious.

  6. Incoherent links: a phishing generally contains a link in which the company name does not match the name of the url. In addition, the url does not usually start with ‘https://’, ​​but it removes the “s” for sure and stays with ‘http://’.

  7. If the email has misspellings or grammatical errors.

  8. Attached files. Be careful when opening unverified attachments. Large companies usually have ‘online’ forms -not words or PDF- to request data from their clients.

  9. Signature: A business email without additional sender information or corporately signed (no custom name) is usually not a reliable email.

  10. Without consent: By law, users must give their prior consent to a company through opt-in to start receiving their communications. If you receive an email from a brand you’re not subscribed to, it’s best to delete it.

What to do in the face of a phishing attack?

Related news

Also Read  Google buys Mandiant for 5.4 billion dollars: one of the most reputable cybersecurity companies in the world

If you receive a suspicious email or message, it is best to send it to spam without selecting anything, not even the usual ‘Unsubscribe’.

In the event that it has been entered somewhere, it is best to change access passwords and notify the company or entity that they have supplanted.

Leave a Reply

Your email address will not be published. Required fields are marked *