GlossarySpanish version

Support article

Phishing

Phishing is a deception technique used by cybercriminals to fraudulently obtain confidential information, such as usernames,...

Published: 30/06/2026Updated: 30/06/2026

Phishing is a deception technique used by cybercriminals to fraudulently obtain confidential information, such as usernames, passwords, credit card details, and other sensitive data. Attackers often impersonate a trusted source in electronic communications, primarily through emails, text messages, or fake websites.

Characteristics of phishing:

  • Legitimate appearance: The messages and websites used in phishing are designed to look as similar as possible to those of legitimate institutions, such as banks, credit card companies, online service providers, and even government entities.
  • Requests for personal information: Phishing messages often urge users to provide personal information, access a link, or download a file that can result in information theft or malware installation.
  • Urgency: Many phishing attempts include a sense of urgency, pressuring victims to act quickly, which reduces reflection time and increases the likelihood that the message recipient will reveal sensitive information.

Types of phishing attacks:

  • General phishing: This approach uses generic messages that are not personalized for the victims and are usually sent to large numbers of people.
  • Spear phishing: Unlike general phishing, spear phishing is highly personalized for the recipient. Attackers can use specific information about the individual to make the deception attempt more credible.
  • Whaling: This type of phishing is aimed at senior executives or important people within an organization. The messages may be designed to look like critical business communications.
  • Smishing and vishing: Phishing carried out via SMS (smishing) or phone calls (vishing), using similar techniques to deceive people and obtain personal information.

Phishing prevention and protection:

  • Education and awareness: Regular security training can help individuals recognize phishing attempts and adopt safe email handling and web browsing practices.
  • Source verification: Always verify the authenticity of requests for personal information, especially when they come from sources that require urgent action.
  • Use security solutions: Installing and keeping antivirus software and anti-spam solutions updated can help filter many phishing attempts.
  • Multi-factor authentication: Using multi-factor authentication wherever possible can add an additional layer of security, making the theft of a single piece of information insufficient to access protected accounts.

Phishing remains one of the most common and effective security threats on the Internet today, making it a constant focus of concern for individuals and organizations seeking to protect their confidential information.