What is phishing?
The only way to protect yourself from scammers is to know how their scams work. Phishing (a play on the word "fishing") is a 3-step scam:
1. They win your trust: cybercriminals lull you into a false sense of security by disguising themselves as a familiar brand with which you have a relationship. They copy its logos, imitate its emails and even build entire websites that resemble the originals. Their objective is to impersonate your bank, your insurance agent, your electricity company.
2. They use a good excuse: they need a reason that will make you enter your most sensitive data. It could be anything: a technical incident, a payment error, an urgent situation, etc. They usually frame it as something you should do very quickly before you get a chance to think about it.
3. They capture your sensitive data, such as your credit card number or the password for your Private Customer Area.
The success of the scam depends largely on the skills of these criminals, since they are not all capable of creating a convincing lure. Whatever the case, the best way to ensure they fail is for you to be on the alert.
Phishing using Endesa
Because we are the country's main power company, cybercriminals could not resist Endesa and they have tried to use its good name to trick their victims on many occasions. They have used a variety of strategies, one of which involves orchestrating full-scale phishing campaigns. Their favourite tactic is as follows:
- A) You receive an email that appears to be from Endesa.