Phishing (Online Scam)
Phishing is when scammers send fake emails, texts, or websites pretending to be someone you trust — to trick you into giving them your passwords or personal information.
What it is
Phishing is a type of online scam where attackers pretend to be a trusted entity, such as your bank, a popular company, or even a coworker, to trick you into revealing sensitive information such as passwords, credit card numbers, or personal data. The name "phishing" comes from "fishing": the attacker casts bait (a fake email, text message, or website) and waits for someone to bite. Phishing attacks usually create a sense of urgency: "Your account has been compromised! Click here immediately to secure it." The link leads to a fake website that looks identical to the real one, and when you enter your credentials, the attacker captures them. Some phishing kits go further and relay what you type to the real site as you type it, so a one-time code from your authenticator app or a text message can be captured and used before it expires.
Real-world examples
- Fake Bank Email — you receive an email that looks exactly like it is from your bank: same logo, same colors, same format. It says "Suspicious activity detected. Click here to verify your account." The link goes to a fake website that steals your login credentials.
- CEO Fraud — an employee receives an email that appears to be from their CEO: "I need you to urgently wire $50,000 to this account for a confidential deal." The email looks legitimate, but it comes from a scammer, typically using a spoofed display name or a look-alike domain that differs from the real one by a character or two. There is no link or attachment to scan; the attack is pure persuasion, which is why this variant (also called business email compromise) is hard for filters to catch.
- Package Delivery Scam (smishing, or phishing by text message) — a text message says "Your FedEx package could not be delivered. Click here to reschedule." The link leads to a fake page asking for your address, phone number, and credit card to "pay a redelivery fee."
- Social Media Phishing — a message on Instagram says "Someone tried to log into your account. Verify your identity here." The link leads to a fake Instagram login page that captures your username and password.
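Every example above hinges on a link whose real destination is not what it appears to be. The following is an added example, not code from this page's author, showing how a practitioner would inspect such a link before trusting it: it pulls the hostname the browser will actually connect to out of the href, reduces it to the registrable domain, and compares that against the brand the message claims to be from. The brand domain `bank.example`, the attacker domains, and the sample links are all constructed for illustration (the `.example` TLD is reserved and never resolves).

```python
"""Inspect a link the way a phishing-aware reader should: where does it really go?

Added example for this glossary entry. All domains below are constructed
(reserved .example names), not real sites.
"""
from urllib.parse import urlsplit

# Constructed: the genuine registrable domain of the brand the message claims to be.
LEGIT_DOMAIN = "bank.example"


def registrable_domain(host: str) -> str:
    """Return the last two labels of a hostname, e.g. 'bank.example'.

    Simplification for the example: assumes a one-label public suffix.
    Production code should consult the Public Suffix List, because
    'login.bank.co.uk' has the registrable domain 'bank.co.uk'.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def inspect_link(display_text: str, href: str, legit_domain: str = LEGIT_DOMAIN) -> list:
    """Return a list of human-readable warnings for one (link text, href) pair.

    An empty list means nothing looked suspicious to these checks; it does
    not prove the link is safe.
    """
    warnings = []
    parts = urlsplit(href)
    # .hostname strips any 'user:pass@' prefix and port: it is the host the browser connects to.
    host = (parts.hostname or "").lower()

    # 1. 'https://www.bank.example@evil.example/' connects to evil.example; the part
    #    before '@' is a username, placed there to fool a reader skimming the URL.
    if parts.username is not None:
        warnings.append(
            f"'@' in URL: browser connects to {host!r}, not to {parts.username!r}"
        )

    # 2. Plain http means anyone on the path can read what you type.
    if parts.scheme != "https":
        warnings.append(f"not HTTPS (scheme is {parts.scheme or 'missing'!r})")

    # 3. Subdomain impersonation: 'bank.example.login-verify.example' is owned by
    #    whoever registered 'login-verify.example', not by the bank.
    actual = registrable_domain(host)
    if actual != legit_domain.lower():
        warnings.append(f"real destination is {actual!r}, not {legit_domain!r}")

    # 4. Punycode labels (xn--...) can render as look-alike Unicode letters.
    if any(label.startswith("xn--") for label in host.split(".")):
        warnings.append("punycode label in hostname (possible look-alike characters)")

    # 5. Link text that itself looks like a URL but points somewhere else.
    looks_like_url = "." in display_text and " " not in display_text
    if looks_like_url:
        shown = urlsplit(display_text if "://" in display_text else "//" + display_text)
        if shown.hostname and registrable_domain(shown.hostname) != actual:
            warnings.append(
                f"link text shows {shown.hostname!r} but href goes to {host!r}"
            )
    return warnings


if __name__ == "__main__":
    # Constructed sample links modelled on the examples in this entry.
    samples = [
        ("Verify your account", "https://www.bank.example/verify"),
        ("www.bank.example", "https://www.bank.example@evil.example/login"),
        ("Reschedule delivery", "http://bank.example.login-verify.example/reset"),
        ("Confirm identity", "https://xn--80ak6aa92e.example/"),
    ]
    for text, href in samples:
        found = inspect_link(text, href)
        verdict = "OK (by these checks)" if not found else "SUSPICIOUS"
        print(f"{verdict}: [{text}] -> {href}")
        for w in found:
            print(f"    - {w}")
```

Hovering over a link in a mail client shows the same href this function receives; the point of the code is that the hostname to judge is the one the browser will connect to, which is the last `@`-separated part of the authority and the right-hand end of the hostname, not the brand name that happens to appear near the front.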
Analogies
- Phishing is like a con artist wearing a police uniform. They look like a real officer, they sound official, and they ask you to hand over your wallet "for verification." Because they look trustworthy, many people comply. Phishing works the same way — the scammer wears the "uniform" (branding) of a trusted company.
- Think of phishing like a fake ATM placed on a busy street. It looks exactly like a real ATM — same brand, same screen, same buttons. But when you insert your card and type your PIN, the fake machine records everything. The scammer collects your card data and PIN, and you do not realize it until money starts disappearing.
- Phishing is like a wolf in sheep's clothing. The message looks friendly and familiar (a sheep), but behind it is a predator (the scammer) waiting to take advantage of your trust.
Comparisons
Phishing vs Spam
- Spam is unsolicited bulk email — annoying but usually not dangerous. It is trying to sell you something (products, services, dubious offers).
- Phishing is deliberate impersonation: it pretends to be someone you trust in order to steal your credentials, money, or personal data. It can be blasted out in bulk like spam, or aimed at one person or company (spear phishing).
- Spam is a nuisance. Phishing is a crime that can lead to identity theft, financial loss, and compromised accounts.
Why it matters
Phishing is one of the most common and successful types of cyberattack. Industry breach reports consistently rank it among the top ways attackers first get into an organization, usually by stealing a password that then opens the door to everything else. A strong password or good security software does not help if you hand your credentials to a fake site: the attacker simply logs in as you. The main technical exception is phishing-resistant multi-factor authentication (hardware security keys or passkeys), which is bound to the real website's address and will not work on a fake one; codes sent by text message or generated by an app can still be phished. Phishing attacks are becoming more sophisticated, and attackers increasingly use AI to write convincing, error-free messages. Understanding phishing is essential for protecting yourself and your organization: learning to spot the warning signs (urgency, links whose real destination does not match what they show, unexpected requests for credentials or payments) is your best defense.
Related terms
- Authentication (Identity Verification)
- Encryption (Data Protection)
- Firewall (Network Security)