What is Phishing?
Phishing is a type of fraud in which criminals create fake pages that imitate your brand’s official website. The goal is to deceive users into believing they are accessing a legitimate channel and, as a result, provide sensitive information such as their name, national ID (CPF), login credentials, passwords, or credit card details.
This type of scam was once widely spread through phone calls and SMS, but it has evolved significantly over the years. Today, attackers use much more sophisticated techniques, capable of convincing even experienced users that they are interacting with your company’s real channel.
How is Phishing spread today?
Criminals use various methods to reach as many victims as possible. The most common include:
1. Email and SMS
These channels are still heavily used: attackers send persuasive messages that typically combine urgency, concern, or promised benefits (such as supposed promotions or exclusive offers).
2. Paid ads on social media
Fraudsters purchase ads on platforms like Facebook, Instagram, and TikTok to direct users to fake pages. These ads mimic your brand’s official visual identity, increasing the credibility of the scam.
3. Paid search and search engines
Sponsored links on Google, Bing, or Yahoo may lead users directly to fraudulent sites, often appearing above the official website in search results.
4. Fake videos and influencers
Attackers create fake videos, profiles, or comments simulating recommendations or tutorials that drive users to click the malicious link.
5. Fake applications and QR Codes
In some cases, scammers develop fraudulent apps distributed outside official stores or use malicious QR Codes in digital or physical locations.
6. Social networks and direct messages
Fake profiles may send private messages, comment on posts, or create entire pages impersonating the company’s official profile.
In all these scenarios, the goal is the same: persuade the user to click a malicious link that redirects them to a fake page identical to the legitimate one.
How is the user deceived?
When the user opens the fraudulent link, they see a website with the same layout, colors, logo, and navigation as the official one. Believing the page is legitimate, the user enters their credentials — and unintentionally delivers sensitive information directly to the attackers.
Common characteristics of phishing messages include:
A catchy or urgent subject line
A suspicious sender without official identification
Persuasive text presenting a problem or an irresistible opportunity
External links, often shortened or disguised, directing the user to the fake page
Impact of Phishing on any type of business
Even companies that do not handle payments or credit card processing can be affected. Attackers may aim to:
capture access to accounts that perform purchases, transactions, or cancellations;
obtain personal or corporate information from users or employees;
breach internal accounts to request payments from clients or partners.
In other words, any brand with an online presence can become a target.
How do we monitor Phishing?
In addition to our traditional collectors, we use OnePixel, a specialized solution for real-time detection of fake pages. It is a discreet script added to your website’s source code that automatically identifies pages attempting to copy your official domain’s layout or content. For more details, see the article “OnePixel — How to Configure.”
We also use artificial intelligence to automatically classify tickets based on severity, highlighting urgent cases with “flame” icons. This helps your team prioritize analysis and reduce user risk. For more information, see the article “Sorting and Prioritization of tickets.”
ATTENTION!
Phishing can spread in many different ways and evolves constantly. Because it is one of the most critical threats, we recommend enabling Takedown pre-authorization, ensuring rapid removal of fake pages and reducing user exposure time. For details, see the article “Automation — How to Configure.”
How to manually create a Phishing ticket
If you need to manually create a phishing ticket, the process is simple:
1. Access Digital Fraud.
2. Click + Add Ticket.
3. Select the asset related to the fraud.
4. Choose the Phishing ticket type.
5. Decide whether to create an Incident or send it to Quarantine.
6. Enter the suspicious URL or URLs.
When clicking + Add, the platform will run automatic checks:
If a ticket for the same host already exists, a warning will be displayed.
You may choose Add anyway or Do not add.
After finishing, you can view the list of tickets or proceed with notification. For more details, see the article “Manual Ticket addition.”
Why is it not necessary to add multiple URLs from the same host?
When multiple URLs belong to the same hostname, they are part of the same fraud. Takedown occurs at the host level, which removes all URLs at once. For that reason, there is no need to create multiple tickets.
Exception: Generic and shared hosts (such as sites.google.com, bit.ly, facebook.com, among others) do not display duplication warnings, as multiple legitimate cases are expected on these domains.
In batch creations, the warning will appear only for URLs whose host already has an open ticket.
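To prepare a batch before submitting it, the host-level rule above can be applied locally. The following is an added example, not the platform's own code: the function names, the shared-host set (only the three hosts the article names) and the sample URLs are assumptions, and it goes slightly beyond the text by also collapsing repeated hosts inside the batch itself.

```python
from urllib.parse import urlsplit

# The three shared hosts the article names; a real list would be longer (assumption).
SHARED_HOSTS = {"sites.google.com", "bit.ly", "facebook.com"}

def host_of(url):
    """Normalized hostname of a URL, accepting defanged forms (hxxp, [.])."""
    u = url.strip().replace("[.]", ".")
    if u.lower().startswith("hxxp"):
        u = "http" + u[4:]
    if "://" not in u:
        u = "http://" + u  # urlsplit only finds the host when a scheme is present
    try:
        host = urlsplit(u).hostname or ""  # .hostname is already lowercased
    except ValueError:  # e.g. malformed IPv6 literal
        return ""
    return host.rstrip(".")

def is_shared(host):
    # Assumption: subdomains of a shared host count as shared too.
    return any(host == s or host.endswith("." + s) for s in SHARED_HOSTS)

def triage_batch(urls, open_ticket_hosts):
    """Sort a batch into: add, already_open (would warn), redundant, invalid."""
    result = {"add": [], "already_open": [], "redundant": [], "invalid": []}
    seen = set()
    for url in urls:
        host = host_of(url)
        if not host:
            result["invalid"].append(url)
        elif is_shared(host):
            result["add"].append(url)           # each URL is its own case
        elif host in open_ticket_hosts:
            result["already_open"].append(url)  # host already has an open ticket
        elif host in seen:
            result["redundant"].append(url)     # same host, same takedown
        else:
            seen.add(host)
            result["add"].append(url)
    return result

# Constructed sample batch (reserved example domains, not real cases).
BATCH = [
    "hxxps://login-brand[.]example/verify",
    "https://LOGIN-BRAND.example:443/reset?id=1",
    "https://sites.google.com/view/fake-a",
    "https://sites.google.com/view/fake-b",
    "promo.example.net/win",
    "http://old-case.example.org/index.php",
]
OPEN_HOSTS = {"old-case.example.org"}
```

Calling `triage_batch(BATCH, OPEN_HOSTS)` returns one list per bucket; only the `add` list needs to be entered as new tickets.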
You’re all set! Your Phishing ticket has been successfully created. \o/
If you have any questions, feel free to reach out to us at [email protected]! 😊