Phishing is a type of social engineering attack where cybercriminals impersonate a trusted organisation — a bank, a popular website, a government agency — to trick victims into revealing sensitive information such as passwords, credit card numbers or personal identity details.
How Phishing Works
- The attacker sends an email, SMS or social media message that appears to come from a legitimate source.
- The message creates urgency — "Your account will be suspended", "Verify your payment" — and contains a link.
- The link leads to a convincing fake website that mimics the real one.
- The victim enters their credentials, which are captured by the attacker.
- The victim may be redirected to the real site to avoid suspicion.
Types of Phishing
- Email phishing — Mass emails impersonating banks, PayPal, Amazon, etc.
- Spear phishing — Targeted attack using personalised details about the victim.
- Smishing — Phishing via SMS text messages.
- Vishing — Phishing via voice calls.
- Whaling — Spear phishing targeting executives.
- Clone phishing — A legitimate email is cloned with malicious links substituted.
How to Recognise a Phishing Attempt
- Unexpected urgency or threats of account closure.
- Generic greetings ("Dear Customer") instead of your name.
- Suspicious sender address: a lookalike domain, a free-mail address, or a display name that does not match the address actually behind it.
- Links that don't match the claimed organisation's domain (hover over the link, or long-press it on mobile, to see the real destination before clicking).
- Requests for information the real organisation would never ask for by email.
Protection
- Enable two-factor authentication on all important accounts. Prefer phishing-resistant methods (FIDO2 security keys or passkeys), which are bound to the real site's origin; SMS and app-generated codes can be relayed to the real site by a phishing page in real time.
- Use a password manager: it only offers saved credentials on the domain they were saved for, so a lookalike domain gets nothing.
- Never click links in unexpected emails; go directly to the site by typing the URL.
- Keep browser and operating system updated.
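The "links that don't match the claimed organisation's domain" check above and the password-manager point both come down to one question: does the host in a URL actually belong to the organisation? The Python below is an added example, not code from the original page, that answers it for the common tricks (subdomain padding, userinfo "@" tricks, raw IP addresses, internationalised lookalike hostnames, letter substitutions) and then models why a password manager refuses to autofill on such hosts. The organisation name, the sample links and the tiny multi-label suffix set are constructed for the example; a real tool would load the full Public Suffix List.

```python
"""Flag links that do not belong to the organisation an email claims to be from.
Added example; the sample data below is constructed, not taken from a real email."""
import ipaddress
from typing import List, Tuple
from urllib.parse import urlsplit

# Assumption: a real implementation loads the full Public Suffix List; this
# small set of multi-label suffixes is enough for the constructed samples.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Part of a hostname an organisation can actually register:
    'accounts.paypal.com' -> 'paypal.com', 'login.hsbc.co.uk' -> 'hsbc.co.uk'."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def is_ip_literal(host: str) -> bool:
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False


def classify_link(href: str, claimed_domain: str) -> Tuple[str, str]:
    """Return ('ok' | 'suspicious', reason) for one link against the domain
    the email claims to come from, e.g. 'paypal.com'."""
    parts = urlsplit(href)
    host = parts.hostname  # lowercased; userinfo and brackets already stripped
    if parts.scheme not in ("http", "https") or not host:
        return "suspicious", f"not a normal web link: {href!r}"
    if "@" in parts.netloc:
        # https://paypal.com@evil.example -> the browser goes to evil.example
        return "suspicious", f"userinfo trick, real host is {host}"
    if is_ip_literal(host):
        return "suspicious", f"raw IP address {host} instead of a domain"
    try:
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return "suspicious", f"hostname {host!r} cannot be encoded"
    if ascii_host != host:
        # Non-ASCII label, e.g. Cyrillic 'a' in 'paypal': shows as xn--... on the wire
        return "suspicious", f"internationalised hostname {host} ({ascii_host}), possible homoglyph"
    target = registrable_domain(ascii_host)
    if target != claimed_domain.lower():
        if claimed_domain.lower() in ascii_host:
            return "suspicious", f"{claimed_domain} appears as a subdomain of {target}"
        return "suspicious", f"claims {claimed_domain} but goes to {target}"
    return "ok", f"{href} belongs to {target}"


def check_anchor(text: str, href: str, claimed_domain: str) -> Tuple[str, str]:
    """Also compare the visible link text with the real destination: a displayed
    https://www.paypal.com/... that points elsewhere is a classic tell."""
    shown = urlsplit(text.strip()).hostname if "://" in text else None
    real = urlsplit(href).hostname
    if shown and real and registrable_domain(shown) != registrable_domain(real):
        return "suspicious", f"text shows {shown} but link goes to {real}"
    return classify_link(href, claimed_domain)


def autofill_allowed(saved_url: str, current_url: str) -> bool:
    """Why a password manager protects you: a saved credential is only offered
    when the current page's registrable domain equals the one it was saved for.
    (Assumption: matching on registrable domain, a common default; some managers
    match the full host, which is stricter still.)"""
    saved, current = urlsplit(saved_url).hostname, urlsplit(current_url).hostname
    if not saved or not current or is_ip_literal(current):
        return False
    return registrable_domain(saved) == registrable_domain(current)


# Constructed sample: (visible text, href) pairs from a fake "PayPal" notice.
SAMPLE_LINKS = [
    ("Log in to PayPal", "https://www.paypal.com/myaccount"),
    ("https://www.paypal.com/verify", "https://paypal.com.evil.example/verify"),
    ("Verify now", "https://paypal.com@evil.example/login"),
    ("Update payment", "http://192.0.2.10/paypal/"),
    ("Secure login", "https://p\u0430ypal.com/login"),  # Cyrillic 'а' for Latin 'a'
    ("Account", "https://paypaI.com/"),  # capital I standing in for l
]


def scan_email(links: List[Tuple[str, str]], claimed_domain: str) -> List[Tuple[str, str, str]]:
    """Run every link through check_anchor; returns (text, verdict, reason) triples."""
    return [(text, *check_anchor(text, href, claimed_domain)) for text, href in links]


if __name__ == "__main__":
    for text, verdict, reason in scan_email(SAMPLE_LINKS, "paypal.com"):
        print(f"{verdict:10} {text!r}: {reason}")
    print("autofill on lookalike:", autofill_allowed("https://www.paypal.com/signin",
                                                    "https://paypal.com.evil.example/login"))
```

The same registrable-domain comparison is what makes the password-manager advice work: a saved paypal.com login is never offered on paypal.com.evil.example or on a Cyrillic-lettered lookalike, however convincing the page looks. Note that `urlsplit` already lowercases the host, so the capital-I substitution is caught by plain comparison, while the Cyrillic substitution is only visible once the host is IDNA-encoded.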