New Anti-Phishing Guidelines

The National Cybersecurity Directorate issued guidelines to combat phishing.

October 20, 2021
The National Cybersecurity Directorate published guidelines to combat phishing that describe and outline its characteristics and make recommendations on how to prevent it. To this end, it created a guide and glossary to inform and advise the public about phishing. The guide is available here (in Spanish).

It defines phishing as a type of fraud aimed at misleading users and obtaining personal or financial information about them for the benefit of the phisher. Phishing is considered a cyber-attack.

The harms caused by phishing are numerous and depend on how much information the phisher managed to obtain from the user. They include making it impossible for users to access all their accounts, including bank, social network, and email accounts.

According to the guide, there are different types of phishing schemes, classified by programming vector. These include emails, websites, social networks, the cloud, cell phones or landlines (Vishing), and SMS or messaging services (Smishing). Phishing may also occur, among other ways, when the phisher accesses a user's device through free Wi-Fi provided as a trap (Addline phishing).

Phishing may also vary according to its target. It may be an attack designed for a particular individual or company (Spear phishing) or be aimed at a person or company with influence (Whaling). Phishers may even impersonate a high-ranking executive to obtain information or payment from their employees (CEO fraud).

Finally, the guide suggests that, as a rule, users should stay alert and suspicious of irregularities, adding the following specific recommendations:

  • Type web addresses directly into your browser.
  • Check the address of e-mail senders.
  • Never open any link or e-mail attachment without first verifying whether the source is real.
  • Do not provide personal or financial data on sites and/or to third parties you do not trust.
  • Avoid sensitive transactions (online purchases, payment of services, money transfers, etc.) when using Wi-Fi.
  • Use different strong passwords and change them regularly.
  • Do not click on unknown tabs or pop-up windows.