What Is Phishing?
Phishing is a type of cyberattack where a malicious actor impersonates a trusted entity — a bank, a tech company, or even a coworker — to trick you into revealing sensitive information like passwords, credit card numbers, or personal data. Despite being one of the oldest tricks in the hacker playbook, phishing is still alarmingly effective because it exploits human psychology rather than technical vulnerabilities.
Common Types of Phishing Attacks
- Email Phishing: Mass emails that look like they're from legitimate companies, urging you to "verify your account" or "confirm a payment."
- Spear Phishing: Highly targeted attacks using your name, employer, or recent activity to appear convincing.
- Smishing: Phishing via SMS text messages, often pretending to be delivery notifications or bank alerts.
- Vishing: Voice phishing, where attackers call you pretending to be tech support or government agencies.
- Clone Phishing: A legitimate email is copied and slightly modified — with a malicious link swapped in — then resent to you.
How to Spot a Phishing Attempt
The best defense is knowing what to look for. Here are the most reliable warning signs:
- Suspicious sender address: The display name may say "PayPal Support" but the actual email address is something like noreply@paypa1-secure.net. Always check the full address.
- Urgency and pressure: Messages like "Your account will be suspended in 24 hours!" are designed to panic you into acting without thinking.
- Generic greetings: "Dear Customer" instead of your actual name is a red flag.
- Suspicious links: Hover over any link before clicking. If the URL looks odd or doesn't match the claimed sender's domain, don't click.
- Grammar and spelling errors: While not always present in modern attacks, poor language can still signal a scam.
- Unexpected attachments: Don't open attachments you weren't expecting, especially .exe, .zip, or .docm files.
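The warning signs above can be checked mechanically as well as by eye. The following Python script is an added example written for this article, not tooling from any vendor: it parses a constructed sample message with the standard library's email module and reports the same red flags a careful reader would (display name that claims a brand while the address belongs to another domain, a look-alike domain with digits swapped for letters, urgency wording, a generic greeting, links whose domain does not match the claimed sender, and risky attachment extensions). The brand-to-domain allowlist, the phrase lists and both sample messages are assumptions chosen for illustration; a real mail filter would use a maintained allowlist and a proper public-suffix list.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Hypothetical allowlist: brand keyword -> domains that brand really sends from.
# In practice this would come from your own maintained list.
BRAND_DOMAINS = {"paypal": {"paypal.com"}}
URGENCY_PHRASES = ("suspended", "within 24 hours", "immediately", "verify your account")
GENERIC_GREETINGS = ("dear customer", "dear user", "valued customer")
RISKY_EXTENSIONS = (".exe", ".zip", ".docm", ".scr", ".js", ".iso", ".lnk")

# Constructed sample messages; neither is a real email.
SAMPLE_EMAIL = """\
From: "PayPal Support" <noreply@paypa1-secure.net>
To: user@example.com
Subject: Your account will be suspended in 24 hours!
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="sep"

--sep
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Please <a href="http://paypal.com.account-verify.example/login">verify your account</a>.</p>
--sep
Content-Type: application/octet-stream; name="invoice.docm"
Content-Disposition: attachment; filename="invoice.docm"

UEsDBBQA
--sep--
"""

CLEAN_EMAIL = """\
From: "PayPal" <service@paypal.com>
To: user@example.com
Subject: Your monthly statement
Content-Type: text/plain; charset="utf-8"

Hi Alex, your statement is ready in your account.
"""


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (simplification: ignores suffixes such as co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def unskew(label: str) -> str:
    """Undo common look-alike substitutions so 'paypa1' compares equal to 'paypal'."""
    return label.replace("1", "l").replace("0", "o").replace("rn", "m").replace("vv", "w")


def claimed_brand(display_name: str):
    """Return the brand a display name appears to claim, or None."""
    name = display_name.lower()
    return next((b for b in BRAND_DOMAINS if b in name), None)


def analyse(raw: str) -> list:
    """Return a list of 'kind: detail' findings for the raw RFC 822 message."""
    msg = message_from_string(raw)
    findings = []

    display, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    brand = claimed_brand(display)
    if brand and sender_domain not in BRAND_DOMAINS[brand]:
        findings.append(f"sender mismatch: display name claims {brand!r} but address is {addr}")
        if brand in unskew(sender_domain):
            findings.append(f"look-alike domain: {sender_domain} resembles {brand}")

    text_parts, attachments = [], []
    for part in msg.walk():
        if part.get_content_maintype() == "multipart":
            continue
        filename = part.get_filename()
        if filename:
            attachments.append(filename)
        elif part.get_content_maintype() == "text":
            text_parts.append(part.get_payload(decode=True).decode("utf-8", "replace"))
    body = "\n".join(text_parts)
    haystack = (msg.get("Subject", "") + "\n" + body).lower()

    # One finding per category is enough to raise the flag.
    urgent = next((p for p in URGENCY_PHRASES if p in haystack), None)
    if urgent:
        findings.append(f"urgency language: {urgent!r}")
    greeting = next((g for g in GENERIC_GREETINGS if g in haystack), None)
    if greeting:
        findings.append(f"generic greeting: {greeting!r}")

    # Compare every link's domain with the domains the claimed brand really uses.
    for href in re.findall(r'href=["\']([^"\']+)["\']', body, flags=re.I):
        host = urlparse(href).hostname or ""
        if brand and registrable_domain(host) not in BRAND_DOMAINS[brand]:
            findings.append(f"suspicious link: {host} does not belong to {brand}")

    for name in attachments:
        if name.lower().endswith(RISKY_EXTENSIONS):
            findings.append(f"risky attachment: {name}")
    return findings


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EMAIL), ("clean", CLEAN_EMAIL)):
        print(label, analyse(raw) or ["no red flags found"])
```

Run it and the constructed sample produces one finding per red flag on the checklist, while the clean message produces none. The link check is deliberately domain-based rather than keyword-based: the sample's link host starts with "paypal.com" but its registrable domain is something else entirely, which is exactly the trick the "hover before you click" advice is meant to catch.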
What to Do If You Suspect a Phishing Email
- Do not click any links or download attachments.
- Report it using your email client's "Report Phishing" or "Report Spam" button.
- If it appears to be from a known company, contact that company directly using their official website — not any contact info in the suspicious email.
- Delete the message.
Protecting Yourself Long-Term
Beyond staying alert, there are structural defenses you can put in place:
- Enable Multi-Factor Authentication (MFA) on all important accounts. Even if a phisher gets your password, they won't be able to log in without the second factor.
- Use a password manager — because it only offers saved credentials on the exact domain they were saved for, it won't autofill them on a look-alike site, acting as an extra safety net.
- Keep software updated to ensure known vulnerabilities are patched.
- Use email filtering tools that flag suspicious messages before they reach your inbox.
The Bottom Line
Phishing works because it's designed to look real. The good news is that once you know the patterns, you'll start noticing red flags quickly. Slow down, inspect before you click, and when in doubt — go directly to the source rather than following a link in any message.