Phishing is considered one of the most prolific cybercrimes affecting individuals, companies and large institutions. Basically, it consists of supplanting the identity of a person or a brand/company through different media based on new information technologies.

The objective is to trick the recipient of a phishing email into providing confidential information used subsequently to carry out a financial scam. The basis for this cybercrime is none other than the main problem posed by the internet: distinguishing the true from the false.

We can identify several types of Phishing, depending on the media:

  • Deceptive Phishing: The user receives an email in which the cybercriminal pretends to be a trusted company in order to obtain confidential information, usually banking information with which to steal money. Sometimes, the email includes a link that redirects to a malicious site. It can be a cloned page whose URL is almost identical to that of the legitimate site. This is the system par excellence because it allows the use of more elements to create the deception: text, images, data…
  • Smishing: The cybercriminal usually pretends to be a trusted company and sends an SMS informing the user that they have won a prize, or offering them some kind of advantageous service. The objective is to trick the user into clicking on a link or downloading software that will ultimately steal their information.
  • Vishing: The cybercriminal uses voice calls posing as a supplier, operator, a support center, a bank, etc. with the aim of collecting certain personal information with which to later create the scam.

The fight against this type of crime has begun and cybersecurity companies try to generate antiphishing systems with the aim of identifying those communications or websites that may be false.

For their part, cybercriminals try to innovate so that their emails, text messages or calls are increasingly credible for users and get through the filters created by these antiphishing systems.