Phishing messages are a type of fraud used by cybercriminals to get credentials.
Phishing attacks are a type of fraud that is very present on the Internet. Your goal is to get credit card numbers, other bank details, passwords, or any information that contains sensitive data.
Usually it is associated with sending fraudulent emails that can include links to totally fake websites. In addition, their appearance can be misleading to users.
To facilitate understanding of the concept we will use an example of an ordinary postman.
- The postman tries to illicitly replicate the format of one of the cards that has to be delivered almost to the original.
- In the content of this, asks you to send your answer to an address that does not correspond with what you usually answer.
- In addition, you must add some of your personal data to the content.
- Once sent, it will be when the mailman receives his letter and see his personal data as he modified the address to an accessible one for him.
Thus, phishing messages try to make the user believe that they come from reliable and legitimate organizations. The main objectives of the cybercriminals are usually banking entities, online payment systems, government entities etc. In short, it is a falsification in which the type of message of a legitimate email or original web site is usually replicated with great accuracy.
How does it take place?
One of the most common techniques is through the aforementioned emails. You are kindly asked to enter your credentials to validate, confirm, or update certain information in your account. You are also warned that there is an urgent motive or there has been some major error.
At this point, the same mail contains a link that redirects the user to the fake Web page, a replica of an original. The same will introduce your personal data to attend to the request that has been made. This is where the theft of your information occurs. At last The data are sent to the cybercriminal as it is the owner of the fraudulent website.
How to recognize or avoid phishing?
The most common thing is that the request received tries to reveal to the user personal or sensitive information by means of the use of emails and/or websites. Phishing itself cannot be filed, but if it can be detected using some of the following techniques:
Daniel Arjona Rivera | IT CyberSecurity Consultant at R3 CyberSecurity