What Is Phishing?
Phishing is a type of online scam where attackers impersonate legitimate organizations — banks, email providers, government agencies, or popular services — to trick you into revealing personal information like passwords, credit card numbers, or Social Security numbers. It remains one of the most common and effective forms of cybercrime because it exploits human trust rather than technical vulnerabilities.
Common Types of Phishing
- Email phishing: The most common form. A fake email that looks like it's from a trusted company, urging you to click a link or download an attachment.
- Smishing: Phishing via SMS text messages, often claiming there's a problem with a delivery or your bank account.
- Vishing: Voice phishing — a phone call from someone pretending to be from a bank, government agency, or tech support.
- Spear phishing: A targeted attack using personal details about you to seem more credible.
Red Flags to Watch For
In Emails
- The sender's email address doesn't match the organization's official domain (e.g., support@paypa1.com instead of @paypal.com).
- Generic greetings like "Dear Customer" instead of your actual name.
- Urgent language pressuring you to act immediately ("Your account will be suspended in 24 hours!").
- Links that don't match the displayed text — hover over links before clicking to see the real destination URL.
- Unexpected attachments, especially .zip, .exe, or Office files asking you to enable macros.
- Poor spelling, grammar, or formatting inconsistencies.
On Websites
- The URL is slightly misspelled or uses a different domain extension (e.g., .net instead of .com).
- No HTTPS (look for the padlock icon in your browser's address bar) — though note that HTTPS alone doesn't guarantee a site is legitimate.
- The site design looks off — slightly different colors, fonts, or logos compared to the real site.
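The email and website red flags listed above can be turned into a simple automated check. The following script is an added example, not something from this page or from any vendor; it parses a constructed sample message and flags the signs described here (sender domain that does not match or merely resembles the expected one, generic greeting, urgent wording, link text that hides a different destination, and links without HTTPS). The expected domain `paypal.com`, the phrase lists and both sample messages are assumptions chosen for illustration, and the lookalike test is a deliberately crude heuristic rather than a complete phishing detector.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample messages (not real email) for illustration only.
SAMPLE_PHISH = """\
From: PayPal Support <support@paypa1.com>
To: customer@example.com
Subject: Your account will be suspended in 24 hours!
Content-Type: text/html

<html><body>
<p>Dear Customer,</p>
<p>We detected unusual activity. Please verify now:
<a href="http://paypal-secure-login.net/verify">https://www.paypal.com/login</a></p>
</body></html>
"""

SAMPLE_LEGIT = """\
From: PayPal <service@paypal.com>
To: customer@example.com
Subject: Your monthly statement is available
Content-Type: text/html

<html><body>
<p>Hello Jane,</p>
<p>View it at <a href="https://www.paypal.com/statements">https://www.paypal.com/statements</a></p>
</body></html>
"""

EXPECTED_DOMAIN = "paypal.com"  # assumed organisation the message claims to come from
URGENT_PHRASES = ("immediately", "within 24 hours", "will be suspended", "act now", "verify now")
GENERIC_GREETINGS = ("dear customer", "dear user", "dear member")


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs for every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' domain (www.paypal.com -> paypal.com); fine for .com/.net examples."""
    parts = host.lower().split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def looks_like(domain, expected):
    """Heuristic lookalike test: digit-for-letter swaps (paypa1 -> paypal), a different
    extension (paypal.net), or the real name embedded in a longer one (paypal-secure-login)."""
    if domain == expected:
        return False
    swaps = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})
    if domain.translate(swaps) == expected:
        return True
    return expected.split(".")[0] in domain.split(".")[0]


def analyze_url(url, expected_domain=EXPECTED_DOMAIN):
    """Website red flags: no HTTPS, or a domain that resembles the expected one."""
    flags = []
    parsed = urlparse(url)
    host = registrable_domain(parsed.hostname or "")
    if parsed.scheme != "https":
        flags.append(f"{url}: no HTTPS")
    if looks_like(host, expected_domain):
        flags.append(f"{url}: domain {host!r} resembles {expected_domain!r}")
    return flags


def analyze_email(raw, expected_domain=EXPECTED_DOMAIN):
    """Return a list of human-readable red flags found in a raw RFC 822 message."""
    msg = message_from_string(raw)
    flags = []
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.split("@")[-1]) if "@" in addr else ""
    if sender_domain != expected_domain:
        flags.append(f"sender domain {sender_domain!r} is not {expected_domain!r}")
    if looks_like(sender_domain, expected_domain):
        flags.append(f"sender domain {sender_domain!r} looks like {expected_domain!r}")
    body = msg.get_payload()  # single-part message, so this is the HTML string
    text = (msg.get("Subject", "") + " " + re.sub(r"<[^>]+>", " ", body)).lower()
    hits = [p for p in URGENT_PHRASES if p in text]
    if hits:
        flags.append(f"urgent language: {hits}")
    if any(g in text for g in GENERIC_GREETINGS):
        flags.append("generic greeting")
    parser = LinkExtractor()
    parser.feed(body)
    for href, shown in parser.links:
        flags.extend(analyze_url(href, expected_domain))
        if shown.startswith("http"):  # displayed URL text that differs from the real target
            shown_host = registrable_domain(urlparse(shown).hostname or "")
            real_host = registrable_domain(urlparse(href).hostname or "")
            if shown_host != real_host:
                flags.append(f"link text {shown!r} hides destination {href!r}")
    return flags


if __name__ == "__main__":
    for name, sample in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(name, analyze_email(sample) or "no red flags")
```

Running the script prints seven flags for the constructed phishing sample and none for the legitimate one. The point is the same as the checklist above: no single signal is proof, but a message that trips several of them at once deserves the "go directly to the source" treatment described later on this page.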
What to Do If You Receive a Suspicious Message
- Don't click any links or download attachments until you've verified the message is legitimate.
- Go directly to the source: If the email claims to be from your bank, open a new browser tab and navigate to your bank's official website directly — don't use the link in the email.
- Report the phishing attempt: Most email clients have a "Report phishing" option. Use it to help protect others.
- If you've clicked a link: Change your passwords immediately, enable two-factor authentication, and contact your bank or the relevant service if financial information may have been exposed.
Your Best Defense: Healthy Skepticism
The most effective protection against phishing is developing a habit of pausing before acting on any unsolicited message that asks for information or prompts you to click a link. Legitimate organizations will never ask for your password via email. When in doubt, go directly to the official website rather than trusting a link you were sent.
Combining this mindset with strong, unique passwords and two-factor authentication on all important accounts significantly reduces your exposure to phishing attacks.