Phishing is, in short, a cyberattack that tricks users into revealing sensitive information, such as a credit card number or telephone number. Attackers imitate legitimate sources, such as banks or social networks, in order to persuade the weakest link in cybersecurity: people. Education and digital awareness are key to identifying phishing attempts and protecting both our personal and professional information.
Phishing attacks come in various forms, each tailored to exploit different vulnerabilities and deceive targets in a different way. Here are the most popular ones:
Email phishing: This is the most general form of phishing. It consists of illegitimate emails that imitate companies in order to obtain personal information or access credentials. They usually contain links to fake websites that look real.
Spear phishing: A form of email phishing targeted at specific individuals or organizations. The attacker first gathers information about the potential victim and uses it to craft a more convincing email. Within spear phishing there is Whaling, which targets people with a high job profile, such as CFOs or CEOs.
Business Email Compromise: Also known as BEC. Cybercriminals impersonate executives or employees of an entity in an attempt to induce others to send money transfers or information to fake accounts.
Clone phishing: This is an almost identical replica of a legitimate email that the recipient has previously received, but with malicious links or attachments. Its danger lies in the fact that the recipient is inclined to trust it, as it appears to come from a trusted source.
Pharming: Its purpose is to redirect users from official websites to fraudulent ones. This is usually done through an attack that manipulates DNS configuration (DNS spoofing).
Smishing: Or phishing by SMS. This attack consists of sending text messages to the mobile device with the aim of tricking the potential victim into clicking on fraudulent links or providing personal data.
Angler phishing: The cybercriminal impersonates an entity's customer service or support staff on social media or other platforms, with the objective of requesting private information or directing users to phishing websites.
Pop-up phishing: Pop-up windows appear in the web browser while the user is surfing the web, claiming that the device has a computer virus or that the user has won a prize. The user is usually prompted to enter personal information or download malicious software.
There are two parts to protecting yourself and your company. First, it is highly recommended that everyone in the company knows how to identify phishing messages and their various forms. Second, the company should have a good cybersecurity infrastructure covering all of its computers and devices. When faced with this type of message, as with any other unwanted message or spam, the best thing to do is to ignore it and delete it. To recognize a phishing attempt, always bear in mind the following recommendations:
Pay special attention to emails that appear to be from a bank or service if you were not expecting them.
Be suspicious if there are grammatical errors in the body of the message, as no reputable service would send poorly written messages.
Haste is never a good thing; be wary of messages that rush you.
Check that the text of the link in the message matches the address it leads to, and that it corresponds to the official URL of the service. In phishing messages, the hidden link usually does not match the text shown in the message and leads to an unwanted site that captures your information.
An entity with a certain reputation will use its own domains for its corporate email addresses. If you receive an electronic communication from an address that does not belong to the company it claims to come from, be suspicious.
You can remember this formula: request for bank details + personal details = fraud.
Remember that it all adds up. If you have detected a possible case of phishing, you can report it to the Spanish entity INCIBE, the National Institute of Cybersecurity. To do so, they provide a contact form where you can describe your case, in addition to their email box [email protected]. When the incident is reported through the form or by email, INCIBE staff are responsible for evaluating it and for helping to mitigate and resolve it, both in the technical aspect of the computer attack and in filing the complaint with other entities.