What are phishing messages?
Phishing is a type of attack that uses social engineering techniques to capture sensitive information from a victim via email.
- When this technique is used via SMS, it is called smishing, and when used via telephone (voice), it is called vishing.
- This technique can also be used via instant messaging on social media applications.
What to do?
- Do not open attachments or click on links in suspicious emails, instant messages, or text messages;
- When contacted, confirm the authenticity of the originating email address, profile, or phone number;
- Always evaluate the appropriateness of the content of emails, instant messages, text messages, or phone calls;
- Do not share personal data or follow instructions without checking the authenticity of the request with other sources—for example, with your bank account manager or a superior;
- Be wary of messages with errors in formal language, but do not trust a message merely because it is free of such errors;
- In organizations, carry out simulations of phishing and smishing attacks, and possibly vishing attacks, in order to raise awareness and increase vigilance regarding these methods;
- Do not share sensitive data on social media, as this practice can provide information to potential attackers who want to carry out spear phishing (phishing targeted at a specific person);
- Report to the organization’s IT security managers or the authorities whenever you are the target or victim of such an attack;
- Stay alert and do not let requests that invoke authority, make promises, or claim urgency persuade you without reflection.