Digital Fraud, Data Leakage

How to identify phishing?

By Andre Luiz R. Silva on

If you’re visiting us here, you’re probably not interested in falling prey to fraud or being robbed (along with 99.9% of the population, right?). The problem is that the percentage of those who are afraid is not the same as of those who are knowledgeable. That’s why we’re sharing some essential tips, so you won’t fall victim to phishing or have your personal data stolen by cybercriminals. Let’s go!


Before clicking anything:

  • When you receive a text, keep an eye out; for example, an SMS from your bank asking you to update data should make you wary and prompt you to contact the bank through official channels. The same is true for emails: always check the sender and see if the source is reliable!

  • Beware of shortened URLs: and can be very useful, but they can also hide monsters if you don’t pay attention to the final link. Therefore, our key advice is:



Please! This is a key tip to avoiding scams. It’s obvious, often, that you should not put data on a site like "" But there are other tricks to fool you. Phishing domains often use typosquatting, a form of cybersquatting in which a character is slyly altered to confuse the brand name.


A case of typosquatting with your brand. I wouldn’t go there, eh?

When analyzing the URL, don’t be fooled by the HTTPS (which is nothing more than that “little green lock”): it means that the connection and the exchange of data between you and the site are secure and private, not that the website itself is secure or reliable. To put this in more concrete terms: a crime surrounded by walls or enclosures is still a crime.


Beware of subdomains!

Some free domains don’t even have well-defined privacy and security policies, which means that anything can be published. That's why you should pay close attention to the entire URL, to avoid cases like this:


Check it out: the real domain here is “," OK?

It is important to remember this when deflecting smishing (which is phishing on a mobile device). On smaller screens, some browsers like Safari make only the beginning of the URL visible — so you might very well believe that you’re on the official website if you were to land on a site like the example given above. Other mobile browsers such as Google Chrome show the domain in the visible part of the URL field, regardless of the subdomain or the rest of the page path on the right.


When you are on an e-commerce site, you should...

  • Be suspicious of the product’s price and/or payment terms. A phishing scheme may be lurking to “fish" for victims who dream of that amazingly low price (which, in fact, is only a dream).

  • Research another product. In general, fraudsters will not have the patience to make the site as elaborate as possible; we’d say that an offering of eight products over the entire site would be a lot for this type of fraud. The rest of the links on the page are probably offline or redirect to the official page.


But what about that red Google screen?

Be wary – very, quite, extremely — when the red screen appears. You may decide to be brave and click on "continue anyway", but know that this warning exists because someone has reported the page through Google's Safebrowsing (and you should do the same, when necessary).

It’s even possible to research which pages are under the watchful eye of Google. But phishing that is flagged in red is only the tip of the iceberg; fresh scams, unseen by the company, can also reach you. That's why, we repeat, always follow all of the above tips!

But if you'd like specialized planning and protection, pay close attention: Axur works with the help of robots to scan the internet and remove any phishing that can undermine your brand (and jeopardize your customers). Take a look at the phishing solution and see how we can eliminate a lot of bad things from the Internet.


Eduardo Schultze, Coordenador do CSIRT da Axur, formado em Segurança da Informação pela UNISINOS – Universidade do Vale do Rio dos Sinos. Trabalha desde 2010 com fraudes envolvendo o mercado brasileiro, principalmente Phishing e Malware


Andre Luiz R. Silva

A journalist working as Content Creator at Axur, in charge of Deep Space and press activities. I have also analyzed lots of data and frauds here as a Brand Protection team member. Summing up: working with technology, information and knowledge together is one of my biggest passions!