WHAT IS PHISHING?
Phishing is a social engineering technique used by cybercriminals to fraudulently obtain users' personal data. The personal information targeted by phishing is typically confidential, such as usernames, passwords, or credit card details.
Phishing comes from the word "fishing," alluding to the goal of "fishing" for user data, a fraudulent act perpetrated by a cybercriminal, also known as a "phisher." It is a form of computer fraud recognized as a crime of identity theft.
How is it distributed?
Phishing attacks users by sending mass emails, like spam, falsifying the sender as if it were a banking entity, in order to obtain personal and financial data, such as access codes.
These types of emails usually ask the user to take an action urgently, such as confirming or sending the data, under an excuse such as a technical failure, changes in security policy, fraud detection, contests, etc.
Given that the message is sent en masse, some of these recipients are, purely statistically, clients of the entity from which this email is being fraudulently sent.
The user reads that their bank is asking them to confirm some information and agrees to do so, without any suspicion, and that is when they fall into the "phisher's" trap and become subject to the orders of this cybercriminal.
Even the link that appears in the "fake email" directs you to a page very similar to that of the bank, which makes you continue the process as if it were normal.
It is when the user enters their data that the cybercriminal obtains the information they need and can use it to connect, without problems, to the victim's account, freely disposing of their funds.
How to detect a phishing attack?
It's not easy to detect when we are being targeted by a phishing attack, because scammers have a very well-researched technique to make it look as realistic as possible.
But there are always small elements that can help detect this crime, such as the existence of some grammatical errors or changed words, which are not usual in the communications of the bank they are impersonating.
In short, it is a fraudulent system, created by cybercriminals who impersonate a banking entity, intending to steal users' personal and confidential data such as username, passwords, bank card number or social security number, in order to profit, criminally, from the victim's income.
