Description: Phishing emails are a type of online fraud that uses electronic messages that appear to be from legitimate sources, such as banks, companies, or well-known services, with the aim of deceiving the recipient. These emails often include links to fake websites that mimic the appearance of the originals, where sensitive information such as passwords, credit card numbers, or personal data is requested. The main characteristics of these emails include an urgent tone, grammatical or spelling errors, and email addresses that may look similar to the authentic ones but contain subtle variations. The relevance of phishing lies in its ability to compromise the security of users and organizations, which can result in significant financial losses and exposure of personal data. As technology advances, phishing methods become more sophisticated, making education and awareness about this type of threat essential for protection in the digital environment.
History: The term ‘phishing’ originated in the 1990s when cybercriminals began using fake emails to steal account information from AOL. As the Internet expanded, phishing evolved, incorporating more advanced and targeted techniques, such as spear phishing, which focuses on specific individuals. Significant events include the eBay attack in 2014, where data from 145 million users was compromised, and the Target attack in 2013, which resulted in the theft of credit card information from 40 million customers.
Uses: Phishing is primarily used to steal personal and financial information from users. Criminals send emails that appear legitimate to deceive people into revealing passwords, credit card numbers, and other sensitive data. It is also used to install malware on victims’ devices, allowing attackers to access additional information and further compromise security.
Examples: An example of phishing is an email that appears to come from a bank, asking the user to verify their account through a link. Another notable case is a phishing attack targeting employees of a company, where emails appear to be from the CEO’s email address, requesting confidential information. Additionally, in 2020, numerous phishing attempts related to the COVID-19 pandemic were reported, where attackers posed as health organizations.
