CSIRT-CAN – Centro de Respuesta a Incidentes de Seguridad de Canarias

Phishing: The Most Profitable Tax Fraud Technique for Cybercriminals

Phishing is a digital fraud technique in which an attacker impersonates a trusted entity to deceive a victim into handing over sensitive information, such as bank details, which the attacker then uses to steal private data and access accounts or systems.

These scams appear on websites that impersonate trusted companies; they may assume the identity of a loved one you trust, and sometimes even impersonate institutional sources, such as the DGT (Spanish Directorate General of Traffic) or the Ministry of Finance. These are the key points to keep in mind to prevent phishing:

1. Verify senders and links

• Carefully review the sender's email address.

• Hover your cursor over links before clicking to check if they lead to a suspicious site.

2. Do not share sensitive information

• No legitimate institution requests passwords or bank details via email or text message.

3. Enable two-factor authentication (2FA)

• Adds an extra layer of security even if your credentials are compromised.

4. Keep software and devices updated

• Updates fix vulnerabilities that can be exploited.

5. Use spam filters and security tools

• Modern browsers and antivirus software automatically detect suspicious pages and emails.

6. Training and awareness

• Especially in businesses: train users to identify phishing signs.

7. Verify urgent or alarmist requests

• Attackers often use pressure tactics (“your account will be blocked”).

• Confirm through another official channel before taking any action.

8. Check the website URL and certificate

• Make sure it starts with https and that the domain is correct.

Following these practices will help us all coexist in a safer digital ecosystem.