So the typical phishing attack begins with an e-mail of the kind: "urgently contact us via the link below ...", or a link that appears from nothing on Facebook or a banner ad in some applications much used by users (always More often also incoming train tickets from very popular applications such as Whatsapp or Facebook).

It always appears as an official notification coming from a trusted source, such as a bank, Italian posters, law enforcement agencies or large companies, but also an ignorant friend. The message invites you to connect to a Web site graphically very similar to the original one and enter some personal information such as, for example, your current account number or password. This information is then used to appropriately identify the identity of those who are abusing the scam.

A good updated antivirus can safely block the most known and target "critical" messages to the spam folder (which attempts to do even the major email managers), but given that there is always something that can Escape control, so even if protected it is always advisable to have a little more attention.

Generally, no company requires passwords, access data, tax code or other information, so before you disclose this information, first contact a customer number or go to an administrative office to be sure of the source of that information. In addition, these messages often emphasize the urgency of the response, causing anxiety in the user and inducing him to stop thinking about it.