What Is Phishing?
Phishing is a type of social engineering attack where an attacker impersonates a trusted person, brand, or organization to trick you into revealing sensitive information — such as passwords, card numbers, or one-time codes — or into installing malicious software.
Phishing remains one of the most common entry points for cyberattacks because it targets human trust rather than technical weaknesses.
This guide covers recognition and prevention only. It does not describe how to build or send phishing messages.
Common Types of Phishing
- Email phishing — fraudulent messages that appear to come from a legitimate company or contact.
- Smishing — phishing delivered via SMS text messages, often with urgent, short links.
- Vishing — voice phishing conducted over phone calls, sometimes using spoofed caller IDs.
- Spear phishing — highly targeted phishing aimed at a specific individual using personal details.
Warning Signs to Watch For
- Urgent or threatening language pressuring immediate action.
- Mismatched or suspicious sender addresses and links.
- Requests for passwords, codes, or payment information.
- Unexpected attachments from unfamiliar senders.
- Generic greetings instead of your actual name.
Legitimate organizations will never ask you to provide your full password or a one-time verification code over email, text, or phone.
How to Protect Yourself
- Hover over links to preview the destination URL before clicking.
- Verify requests independently by contacting the organization through official channels.
- Enable multi-factor authentication so a stolen password alone is not enough.
- Keep your browser and email client updated with the latest security patches.
- Report suspicious messages to your email provider or IT department.
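The sender and link mismatches listed under Warning Signs, and the hover check above, can also be done by a mail filter or a reporting tool. The following is an added example, not part of the original guide: the function names, the sample message and its reserved .example domains are constructed for illustration, and it assumes a single-part HTML message.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs from <a> tags
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = (dict(attrs).get("href") or "").strip(), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host_of(value):
    """Hostname of a URL or bare domain (leading www. dropped), else None."""
    if not re.match(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?$", value, re.I):
        return None
    url = value if "://" in value else "//" + value
    return re.sub(r"^www\.", "", urlparse(url).hostname or "") or None

def mismatches(raw_message):
    """Flag sender and link mismatches in a single-part HTML message."""
    msg = message_from_string(raw_message)
    domain = lambda h: parseaddr(msg.get(h, ""))[1].rpartition("@")[2].lower()
    signs = []
    if domain("Reply-To") and domain("Reply-To") != domain("From"):
        signs.append("reply-to domain differs from sender domain")
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for href, shown in collector.links:
        # Only compare when the visible text itself looks like a URL or domain.
        shown_host, real_host = host_of(shown), host_of(href)
        if shown_host and real_host and shown_host != real_host:
            signs.append(f"link text shows {shown_host} but opens {real_host}")
    return signs

SAMPLE = """From: "Example Bank" <support@examplebank.example>
Reply-To: helpdesk@mail-examplebank.example
Content-Type: text/html

<p>Sign in at <a href="http://login.verify-account.example/reset">www.examplebank.example</a></p>
"""  # constructed sample message using reserved .example domains
```

The host comparison is exact, so legitimate newsletters that route links through a tracking domain will also be flagged; treat the output as a prompt to verify, not a verdict.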
Quick Checklist
Before clicking any link or replying to a message, ask: Do I know this sender? Was I expecting this message? Does the request feel urgent or unusual? If in doubt, don't click — verify independently.