Phishing is an attack that attempts to steal your money, identity or important information by getting you to divulge sensitive personal information (such as credit card numbers, banking information or passwords) on websites pretending to be legitimate sites. Cybercriminals often pretend to be reputable companies, friends or acquaintances in a fake message, which contains a link to a phishing website.
Smishing simply uses text messages instead of email.
What to do if you receive an email or SMS and I suspect it is phishing or smishing.
- Never click on links or attachments.
- If the message appears to be coming from a person you know, contact that person by some other means, such as WhatsApp or phone call, to confirm.
- If it arrives in your work mailbox, report the message to the area responsible for Information Security or IT Support in your organization.
- Remove it to avoid clicking by mistake.
- Perform a vulnerability scan on your devices through the antivirus.
- Check that your accounts do not have unrecognized access.
What to do if you suspect you have been the victim of a phishing or smishing attack.
- Write down all the details of the attack before you forget them. In particular, try to write down any information such as usernames, account numbers or passwords that you may have shared.
- Perform a vulnerability scan on your devices through the antivirus.
- Change the password immediately for affected accounts. When changing the password, please note that you must create a different password for each account.
- Confirm that you have enabled multi-factor authentication (also known as two-step verification).
- Check that your accounts do not have unrecognized access.
- If this attack affects your professional accounts, you must notify the area responsible for Information Security or IT Support in your organization.
- If you have shared credit card or bank account information, contact your bank to alert them to the possibility of fraud.
- Notify your close personal, family and work circle so that they do not try to fool them into believing that any contact or communication comes from you.
English 
Español de México