Imagine you receive an email that looks completely real: it has your bank's logo, your full name, and an urgent message saying, “Your account has been blocked. Log in to reactivate it.” It sounds serious, so you click without thinking twice... and you're already caught up in a phishing attack.
This type of fraud is extremely common. Every day, millions of people receive fake emails, messages, or even phone calls that are after one thing: to steal your passwords, your bank details, or access to your personal and work accounts.
The worst part is that many of these scams are so well done that it's hard to tell they're fake. That's why it's crucial to learn how to identify them. In this article, we'll look at real examples, signs that should raise your alarm, and easy-to-apply tips so you don't get caught off guard.
When we talk about phishing, we are not referring to a single type of scam. It is a technique that can take many different forms, but with the same goal: to get you to hand over your personal or financial information without realizing it.
Attackers often pose as someone you trust (your bank, a well-known company, someone from work) to gain your trust... and then use it against you.
To help you be better prepared, here are the main types of phishing that exist, how they can deceive you, and some real examples of each.
| Type of Phishing | What is it? | How does it work? | Example |
|---|---|---|---|
| Email phishing | The most common type. You receive an email that looks like it’s from a known company (like your bank), with logos and everything well made, but it’s fake. | They ask you to click on a link that takes you to a fake website, or they send you a file that infects your computer. | “Your account has been blocked. Log in here to reactivate it.” The link takes you to a page identical to the bank’s site, but it’s fake. |
| Smishing | It’s phishing via SMS or apps like WhatsApp. | They send a message with something urgent to get you to click a link. There, they steal your data or install something on your phone. | “Mercado Envíos: your package couldn’t be delivered. Reschedule by paying $100 here: [link]”. You enter your card info… and your account gets emptied. |
| Vishing | They call you pretending to be from the bank or a company. | They scare you with a problem (like a hack or suspicious charge) and ask for information: codes, passwords, card numbers. | They call saying they’re from the bank, saw a hacking attempt, and ask for the codes you received via SMS. They use them to steal from you. |
| Spear phishing | A more personalized attack, targeted specifically at you. | They research you (your job, name, position) and send you a message that seems very real. | You get an email that looks like it’s from your boss: “I need you to approve this urgent project transfer.” Everything looks real, but it’s a scam. |
| Whaling | A type of spear phishing targeted at high-level individuals like executives or managers. | The goal is to get sensitive information or make you authorize large payments. | The CEO receives an email from a supposed international vendor urgently requesting payment of an invoice. It looks legit, but it’s a scam. |
| Quishing | Phishing with fake QR codes. | You scan a QR (in a public place or restaurant) and it takes you to a fake site asking for your data. | You scan the QR code for a menu at a restaurant, but it was fake. It takes you to a site asking for your Google account, and they steal your access. |
| Pharming | Even if you type the website address correctly (like your bank’s), you may end up on a fake site. | It can happen due to a virus or a compromised network. The page looks identical, but it’s not the official one. | You type www.yourbank.com, but a virus redirects you to a perfect copy. You enter your username and password... and they’re stolen. |
Sometimes fake emails look very well put together, but if you look closely, there are almost always details that give them away. Here are the most common signs so you don't get caught off guard:
It may look like it was sent by a well-known company, but if you look closely at the email address, something doesn't add up. Sometimes they change letters or use strange domains.
Example: Instead of coming from @mercadolibre.com, it comes from @mercado-l1bre.info. Do you notice the trick with the number 1?
The text may say something like “click here to verify your account,” but if you hover your mouse over it, the link goes to a strange page that has nothing to do with it.
Example: It says you're going to www.mercadolibre.com/verificacion, but the real link is something like www.seguridad-alerta.xyz.
Be careful! No reputable company will ask you to send your password, card number, or security codes by email. If they do, it's definitely a scam.
They use alarming phrases to make you act quickly and not think about it. Something like:
“Act now or you will lose access to your account!” This tone of urgency is typical in phishing emails.
Spelling mistakes or poorly constructed sentences are a big red flag. Sometimes they look like machine translations or have been written in a hurry. Real example: “Your account is about to be blocked. To recover it, click on the link.” Who would trust that?
Even though they want to make the email look “official,” they often use low-quality images or old logos. If it looks pixelated, blurry, or outdated, be suspicious.
If something doesn't seem right, it's best not to click on it and to report it. Instead of trusting it, go directly to the official website from your browser and check it from there.
Analysis of a phishing email
Read more: Sale of Mexican Identities on Telegram for $134 Pesos
Email address: mercado-l1bre.info@gmail.com
At first glance, it looks like it's from Mercado Libre, but if you look closely, there are several strange details:
That alone is reason enough to be suspicious.
Link text: www.mercadolibre.com/verificacion
It looks trustworthy, but often the text does not match the actual destination. If you hover your mouse over it (without clicking), it may point to a completely different or even malicious website.
Always check carefully before entering any site from an email.
In the message, they ask you for things like:
Your full name
Your card number
Security code (CVV)
Password
That's too much! No reputable company will ask you for this information by email. It's one of the clearest signs of phishing.
URGENT! Your account will be suspended in 10 minutes
They try to pressure you into not thinking too much and clicking on whatever they tell you to. If it sounds overly urgent, they are almost certainly trying to trick you.
Examples from the email:
“It is essential that you verify your information immediately...”
“If you do not take this action within the next 24 hours, your account will be permanently deleted.”
These phrases are only meant to scare you into falling for the scam without questioning anything. Whenever you see this type of threat, pause and think twice.
They use the real company logo or similar images to appear legitimate. But just because it has the logo doesn't mean it's real. Scammers copy everything so you won't suspect anything.
If it were something serious or personal, the least they could do would be to use your name. But these emails go out to thousands of people at the same time, so they use generic greetings like “Dear customer.” Another red flag.
Sometimes it's not so obvious that an email is fake. In fact, some are so well done that they make you doubt. Here are some signs that may raise suspicion, even if the message doesn't seem so “strange” at first:
It could be from your bank, Netflix, or Mercado Libre. And yes, you use that service. But if the email comes out of nowhere and you didn't request anything, it's best not to click on it and check for yourself. Tip: Go directly to the official website or open the app to see if there really is something pending.
Some emails use your real name, which makes you trust them a little more. But if the rest of the message has a strange tone, asks for sensitive information, or sounds very generic... be suspicious. Example: “Hello Maria, please confirm your identity urgently by clicking here.” So urgent and without any further context?
The email looks “professional,” has the logo, colors similar to the originals, but... something doesn't add up. Sometimes there are blurry images, misplaced buttons, or strange colors that don't match the brand's colors. It's like a poorly made copy of a real website: at first glance, it passes, but if you look closely, there are details that don't add up.
They tell you that you've won an iPhone, a trip, a $10,000 coupon, or an irresistible promotion. And although there are brands that do send promotions, if it sounds too good to be true... be careful! Basic rule: If it seems too good to be true, it probably is.
A legitimate email almost always includes the following at the end:
Contact phone number
Physical address of the company
Links to official social media accounts or their website
If it only says something generic and doesn't include anything you can verify, it's best not to trust it.
Read more: Social Engineering + User Experience: The Hackers' Formula
Hackers no longer stick to email. They also prowl around in messages, networks, and calls. Here are some other ways they might try to trick you:
“You've won a TV! Claim it here: bit.ly/premioTV”
It sounds tempting... but it's pure fraud.
“Your verification code is 845921.”
If you didn't ask for it, don't use it. Someone else could be trying to access your account.
Message from a friend:
“Friend, I need $10,000 urgently.”
It may not even be your friend... just someone using their hacked account.
URLs that look almost the same as the real ones: Like www.santander.com.ar vs www.banco-santender.com. A couple of letters and it's a different site.
No security lock: If the site doesn't start with https://, it's best not to enter.
Poor design: Blurry logos, strange phrases, language errors... clear signs that it's not a trustworthy site.
They pretend to be your bank or app support.
They pressure you to download something or give them remote access.
The goal is always the same: to get you to make quick decisions without thinking.
Fake QR codes: You scan one on the street or in a restaurant and boom! It takes you to a page that steals your data.
Fake apps: They look official, but they're not. Before downloading, check that they are verified in the app store.
Misleading ads: Like those that say “70% off Nike” and send you to a website that has nothing to do with it.
These small actions can save you big problems:
Enable two-step verification on all your important accounts.
Keep your cell phone or computer up to date.
Be wary of messages that scare you or rush you.
Only browse secure pages (those that start with https://).
Use antivirus software and browsers that alert you when you visit dangerous sites.
Phishing is not just a technical issue... it's a game of manipulation. And scammers are becoming increasingly creative in order to appear real. But if you are alert, informed, and don't act in haste, you already have a big advantage. Sometimes, just taking a few seconds to review a message carefully can save you a real headache. Remember: digital security starts with you.
At TecnetOne, we offer a specialized awareness service for end users, where we help companies train their people to recognize, prevent, and respond to digital fraud attempts. Through hands-on workshops, real phishing simulations, and customized resources, we support you in strengthening your first line of defense: your team.