Although there are filters to remove these emails, they are not foolproof tools. They work well against large-scale phishing campaigns, but not against targeted attacks (spear phishing) or phone or SMS phishing. In the case of mail, the effectiveness of the filters is less when the phishing is sent from the account of a user who has been a victim and whose credentials have been stolen. This phishing spread to a victim's contacts is quite common.
Some tips to avoid becoming a victim:
- Be suspicious of unsolicited messages that convey a sense of urgency or offer things for nothing.
- Malicious mail can also come from someone you know, if your credentials have been stolen. You must also be aware and ask yourself if it is the usual type of message from this person.
- Search for part of the text of the message in a search engine, to check if it is associated with any known phishing.
- Contact the person by another means, to confirm the validity of the message.