Phishing: What It Is, How to Detect It, and How to Protect Yourself

Phishing is the most common way an attack starts on the internet. Industry reports regularly estimate that more than 90% of cyberattacks begin with a phishing email. And no, they're not just those poorly written emails from a "Nigerian prince". Modern attacks are sophisticated, personalized, and difficult to detect.

What is phishing?

Phishing is a social engineering technique in which an attacker impersonates a trusted entity (your bank, a social network, a shipping company) to trick you into:

  • Entering your credentials on a fake page
  • Downloading a malicious file
  • Sending sensitive information by email
  • Making a bank transfer

The name comes from "fishing": the attacker casts bait and waits for the victim to bite.

Types of phishing

Email phishing (the most common)

Mass emails that imitate well-known companies. They use real logos, similar domains, and urgent messages.

Example: "Your email account will be blocked in 24 hours. Click here to verify your identity."

Spear phishing (targeted)

Personalized attacks against a specific person. The attacker researches the victim and uses real information to make the email more credible.

Example: "Hi Maria, I'm from accounting. Can you approve this attached invoice? It's urgent."

Smishing (SMS)

Fraudulent text messages. Very common with supposed package deliveries or bank alerts.

Example: "Post Office: Your package could not be delivered. Confirm your address: [malicious link]"

Vishing (phone call)

Calls where someone impersonates your bank, technical support, or a public institution.

How to detect a phishing email

Pay attention to these signs:

  1. Extreme urgency — "You have 24 hours to act" or "Your account will be canceled"
  2. Suspicious domain — The email comes from support@bancco-santander.com instead of @bancosantander.es
  3. Grammatical errors — Although modern attacks are increasingly correct
  4. Disguised links — Hover over them (without clicking) to see the real URL
  5. Unexpected attachments — Especially .exe, .zip, or documents with macros
  6. Unusual requests — Your bank will never ask for your password by email
  7. Generic greeting — "Dear customer" instead of your real name
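To turn those seven signs into something you can actually run against a mailbox, here is an added example in Python (not code from the original post). It parses a raw email, and flags a sender domain that is a near-miss of a trusted brand (the bancco-santander case), a Reply-To that points somewhere other than the From domain, urgency phrases and a generic greeting, links whose visible text names one domain while the href goes to another (the "hover over it" check automated), and attachments with executable or macro-capable extensions. The allow-list TRUSTED_DOMAINS, the phrase list and both sample messages are constructed for the example and are assumptions, not data from the page.

```python
import email
import email.utils
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: domains this recipient legitimately deals with. A real deployment
# would load an organisation-specific allow-list instead.
TRUSTED_DOMAINS = {"bancosantander.es", "correos.es"}
URGENCY_PHRASES = ("24 hours", "immediately", "urgent", "will be blocked",
                   "will be canceled", "verify your identity")
RISKY_EXTENSIONS = (".exe", ".scr", ".js", ".vbs", ".zip", ".iso", ".docm", ".xlsm")


def levenshtein(a: str, b: str) -> int:
    """Edit distance, used to spot typosquats such as bancco-santander."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of a host name. Good enough for .com/.es; a real tool
    would consult the Public Suffix List to handle suffixes like .co.uk."""
    return ".".join(host.lower().strip(".").split(".")[-2:])


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs so the text the reader sees can be
    compared with where the link really goes."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze(raw: bytes) -> list[tuple[str, str]]:
    """Return (category, detail) findings for one RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    # 1. Sender domain: an exact allow-list match is fine, a near-miss is a typosquat.
    _, from_addr = email.utils.parseaddr(msg.get("From", ""))
    from_domain = registrable(from_addr.rsplit("@", 1)[-1]) if "@" in from_addr else ""
    if from_domain and from_domain not in TRUSTED_DOMAINS:
        for trusted in TRUSTED_DOMAINS:
            if levenshtein(from_domain.split(".")[0], trusted.split(".")[0]) <= 2:
                findings.append(("lookalike-sender", f"{from_domain} resembles {trusted}"))
    # 2. Reply-To that routes answers to a different domain than From.
    _, reply_addr = email.utils.parseaddr(msg.get("Reply-To", ""))
    if "@" in reply_addr and registrable(reply_addr.rsplit("@", 1)[-1]) != from_domain:
        findings.append(("reply-to-mismatch", reply_addr))
    # 3. Urgency language and a generic greeting in subject plus body.
    html = msg.get_body(preferencelist=("html",))
    plain = msg.get_body(preferencelist=("plain",))
    text = " ".join(p.get_content() for p in (html, plain) if p is not None)
    hay = (msg.get("Subject", "") + " " + text).lower()
    for phrase in URGENCY_PHRASES:
        if phrase in hay:
            findings.append(("urgency", phrase))
    if re.search(r"\bdear (customer|user|client)\b", hay):
        findings.append(("generic-greeting", "no personal name"))
    # 4. Links whose visible text shows one domain but whose href goes to another.
    if html is not None:
        parser = LinkExtractor()
        parser.feed(html.get_content())
        for href, visible in parser.links:
            href_domain = registrable(urlparse(href).hostname or "")
            shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", visible.lower())
            if shown and registrable(shown.group(0)) != href_domain:
                findings.append(("link-mismatch", f"shows {shown.group(0)}, goes to {href_domain}"))
    # 5. Attachments with executable or macro-capable extensions.
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXTENSIONS):
            findings.append(("risky-attachment", name))
    return findings


def sample_phish() -> bytes:
    """Constructed message that exhibits the signs listed above."""
    m = EmailMessage()
    m["From"] = "Banco Santander <support@bancco-santander.com>"
    m["Reply-To"] = "verify@account-review-center.net"
    m["To"] = "maria@example.com"
    m["Subject"] = "Your account will be blocked in 24 hours"
    m.set_content("Dear customer, verify your identity now.")
    m.add_alternative('<p>Dear customer, your account will be blocked in 24 hours. '
                      '<a href="http://login.bancco-santander.com/verify">'
                      'https://www.bancosantander.es/verify</a></p>', subtype="html")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    return bytes(m)


def sample_legit() -> bytes:
    """Constructed benign message from the real domain, for contrast."""
    m = EmailMessage()
    m["From"] = "Banco Santander <info@bancosantander.es>"
    m["To"] = "maria@example.com"
    m["Subject"] = "Your monthly statement is ready"
    m.set_content("Hi Maria, your statement is available in the app.")
    return bytes(m)


if __name__ == "__main__":
    for category, detail in analyze(sample_phish()):
        print(f"{category:18} {detail}")
```

The domain comparison only looks at the label before the TLD, which is why bancco-santander.com is caught even though the TLD also differs; the trade-off is that a short brand name will also match unrelated short names, so treat the output as a triage signal rather than a verdict.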

Why does phishing work so well?

Phishing attacks exploit human psychology, not technology:

  • Fear — "Your account has been compromised"
  • Urgency — "Act in the next 2 hours"
  • Authority — "Message from the CEO"
  • Curiosity — "Look at this photo of you"
  • Greed — "You have won a prize"

How to protect yourself

  1. Never click on links in suspicious emails — Go directly to the website by typing the URL in the browser.
  2. Enable 2FA on all your accounts — That way, even if they get your password, they can't get in. Prefer an authenticator app or, better, a security key or passkey: an SMS code can still be phished in real time, while a FIDO2 key only answers the genuine domain.
  3. Verify the sender — Check the email domain, not just the display name.
  4. Use a password manager — It only offers saved credentials on the exact domain they were saved for, so if it stays silent on a login page that looks familiar, check the address bar before typing anything.
  5. Keep your software updated — Browsers and antivirus detect many phishing sites.
  6. Check your exposure — If your email has been leaked, you are a more likely target. Check it on SecuryBlack.

What to do if you fell for a phishing attack?

  1. Change the password immediately of the affected service
  2. Change the password on other services if you used the same one
  3. Contact your bank if you shared financial data
  4. Enable 2FA where you didn't have it
  5. Sign out of all active sessions on the affected account and check for forwarding rules, recovery addresses, or app passwords the attacker may have added
  6. Report it to the police (in Spain, the Policía Nacional or the Guardia Civil) and, for guidance, contact INCIBE, the national cybersecurity institute, which runs a help service for citizens

Phishing emails are more effective when they use real data about you obtained from leaks. Check if your email has been leaked to know your risk level.