What Is Phishing?

Phishing is a type of cyberattack where criminals send deceptive emails (or messages) designed to trick you into revealing sensitive information — passwords, credit card numbers, or personal data — or into clicking a malicious link. The term comes from "fishing": attackers cast a wide net hoping someone will take the bait.

Phishing remains one of the most common and effective attack vectors because it targets human psychology, not just technical vulnerabilities. Even technically savvy people get caught off guard.

Why Phishing Emails Are Getting Harder to Spot

Early phishing emails were often obvious — poor grammar, strange formatting, generic greetings. Today's attacks are far more sophisticated:

  • Spear phishing targets specific individuals using personal information from social media
  • Brand impersonation uses pixel-perfect copies of legitimate company emails and websites
  • AI-generated content eliminates the grammar and spelling errors that used to be giveaways
  • Urgent scenarios trigger emotional responses that override critical thinking

10 Warning Signs of a Phishing Email

  1. Urgent or threatening language — "Your account will be suspended in 24 hours!" Urgency is designed to make you act before you think.
  2. Mismatched or suspicious sender address — The display name may say "PayPal Support" but the actual email is from paypal-support@secure-login-verify.com. Always check the full address.
  3. Generic greetings — "Dear Customer" instead of your name suggests a mass-send attack.
  4. Unexpected attachments — Be very cautious of attachments (especially .zip, .exe, .docm files) you weren't expecting.
  5. Links that don't match the destination — Hover over any link before clicking. The URL shown at the bottom of your browser should match the expected domain.
  6. Requests for sensitive information — Legitimate companies will never ask for your password, full credit card number, or SSN via email.
  7. Too-good-to-be-true offers — Prize winnings, unexpected refunds, or inheritance money are classic bait.
  8. Slight domain misspellings — Watch for arnazon.com, paypa1.com, or extra words like amazon-support-login.com.
  9. Broken or mismatched branding — Low-resolution logos, wrong colors, or inconsistent fonts are signs of imitation.
  10. Unusual requests from known contacts — If a colleague's email asks you to wire money or buy gift cards, their account may be compromised. Call them directly to verify.
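
Signs 2, 5 and 8 can be checked mechanically, for example in a mail-triage script. The Python below is an added example, not part of the original article. The BRANDS allowlist, the CONFUSABLES table and the function names are assumptions made for illustration, and the sample message is constructed from the addresses quoted in the list above.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: defender-maintained brand allowlist; SAMPLE_* is a constructed message.
BRANDS = {"paypal": "paypal.com", "amazon": "amazon.com"}
CONFUSABLES = (("rn", "m"), ("1", "l"), ("0", "o"))  # look-alike substitutions
SAMPLE_FROM = '"PayPal Support" <paypal-support@secure-login-verify.com>'
SAMPLE_HTML = '<p>Dear Customer,</p><a href="http://paypa1.com/login">www.paypal.com</a>'

def registered_domain(host):
    # Naive last-two-labels rule; production code should use the Public Suffix List.
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def impersonated_brand(host):  # brand the host imitates, else None
    if registered_domain(host) in BRANDS.values():
        return None
    folded = host.lower()
    for fake, real in CONFUSABLES:
        folded = folded.replace(fake, real)
    return next((b for b in BRANDS if b in folded), None)

class LinkCollector(HTMLParser):  # collects (href, visible text) pairs
    def __init__(self):
        super().__init__()
        self.links, self._href = [], None
    def handle_starttag(self, tag, attrs):
        self._href = dict(attrs).get("href") if tag == "a" else self._href
    def handle_data(self, data):
        if self._href and data.strip():
            self.links.append((self._href, data.strip().lower()))
            self._href = None

def check_email(from_header, html_body):
    name, addr = parseaddr(from_header)
    sender = registered_domain(addr.rpartition("@")[2])
    findings = [f"display name claims {b}, sender is {sender}"  # sign 2
                for b, d in BRANDS.items() if b in name.lower() and sender != d]
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        shown = re.search(r"([a-z0-9-]+\.)+[a-z]{2,}", text)
        if shown and registered_domain(shown.group()) != registered_domain(host):
            findings.append(f"link shows {shown.group()}, goes to {host}")  # sign 5
        if brand := impersonated_brand(host):
            findings.append(f"{host} imitates {brand}")  # sign 8
    return findings
```

Calling check_email(SAMPLE_FROM, SAMPLE_HTML) returns one finding for each of the three signs. A message with no findings has only passed these three checks; the remaining signs still need a human read.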

What to Do If You Receive a Suspicious Email

  • Do not click any links — not even "unsubscribe" links in suspicious emails
  • Do not open attachments unless you were expecting them and have verified the sender
  • Verify independently — if it claims to be from your bank, open a new browser tab and go directly to the bank's official website
  • Report it — use your email client's "Report Phishing" button. Gmail, Outlook, and Apple Mail all have this feature
  • Delete the email after reporting

What to Do If You Accidentally Clicked a Phishing Link

  1. Disconnect from the internet immediately (Wi-Fi off, or unplug Ethernet)
  2. Run a malware scan using Windows Defender or Malwarebytes
  3. Change passwords for any accounts you may have entered credentials into
  4. Enable two-factor authentication on affected accounts
  5. Monitor your bank and credit accounts for unusual activity
  6. If work devices were involved, notify your IT department immediately

Tools That Help You Stay Protected

Tool                     | Purpose                                                       | Cost
Google Safe Browsing     | Built into Chrome; warns before visiting known phishing sites | Free
Bitdefender TrafficLight | Browser extension that scans links in real time               | Free
Have I Been Pwned        | Checks if your email has appeared in known breaches           | Free
Proofpoint PhishAlarm    | Email reporting button for Outlook and Gmail (enterprise)     | Varies

The Bottom Line

Phishing succeeds because it exploits human instincts — trust, urgency, fear, and curiosity. The best defense is a moment of deliberate pause before clicking anything unexpected. Slow down, inspect the details, and when in doubt, verify through an independent channel. One careful second can prevent a serious incident.