Phishing: Can We Spot It before Falling for It?

Phishing: Can We Spot It before Falling for It?

 By Charles Joseph | Cybersecurity Advocate
 Last update: November 25, 2023

Phishing is a type of online scam where criminals pose as a legitimate organization or person in order to trick victims into providing personal information, such as passwords or credit card numbers. The information is then used to commit fraud or identity theft.

Phishing scams are typically carried out via email but can also occur through text messages, social media messages, and even phone calls. They often use spoofed email addresses and websites that look identical to the real thing, making it difficult for people to tell the difference.

Criminals will often try to create a sense of urgency or fear in their phishing emails in order to get people to act quickly without thinking. For example, they may claim there is an issue with your account that needs to be fixed immediately or say that your bank account has been compromised.

If you receive a suspicious email, text message, or phone call purporting to be from a legitimate organization, do not respond and do not click on any links or attachments. Instead, contact the organization directly using a phone number or website you know to be real.

Phishing Examples

1. Email Scams

Email scams are one of the most common forms of phishing. Faced with what appears to be an authentic message from a known, reputable company, it’s easy to let your guard down. For instance, the email might seem to be from your bank, a well-known online retailer, or a service provider. With the company’s logo and official-looking content, it can seem legitimate.

The email will generally prompt you to take an action such as updating your account, claiming a reward, or verifying your identity. Typically, a link or button is provided within the email for your convenience. However, this link doesn’t lead you to the company’s official website. Instead, it sends you to a fraudulent site designed to collect and steal your personal information. That information can then be used for various illegal procedures, including identity theft and unauthorized financial transactions.

Stay One Step Ahead of Cyber Threats

Want to Be the Smartest Guy in the Room? Get the Latest Cybersecurity News and Insights.
We respect your privacy and you can unsubscribe anytime.

These scams are cleverly designed to mimic real communication, which is why so many people fall for them. The rule of thumb to remember here is to always verify the sender’s email address and never to provide personal information unless you initiated the contact and you are certain of who you’re dealing with.

2. Social Media Phishing

Phishing is not confined to email; it has also spread its tentacles to social media. On these platforms, the scam may take the form of a personal message or a post shared publicly. A typical scenario might involve a message from what appears to be a friend in distress, urgently needing financial assistance.

An example of a public post might be a sensational, click-bait headline promising something irresistible, like an outrageous news story or a breathtaking discount offer. The link included in the message or post typically leads to a fake login page. Unwary users who follow the link and enter their account credentials are essentially handing over their login details to criminals.

Considering the widespread use of social media and the trust users place in these platforms, it’s not surprising that this method of phishing is quite effective. The best defense is to remain skeptical about any unsolicited messages asking for personal information, even if they seem to be coming from a friend. Also, don’t blindly follow links from posts without verifying their validity.

3. Tech Support Scams

Tech support scams are another ploy used by phishers. In this scenario, you might receive a pop-up message or a phone call allegedly from ‘Tech Support’ warning that your computer is infected with a virus. The message or caller instills a sense of urgency and encourages you to act quickly to resolve the issue.

This scam is designed to scare you into taking immediate action. The ‘support tech’ will instruct you to provide your login credentials or download a piece of software. In doing so, you’re either directly giving the phishers access to your device or installing malware that they can use to steal your information.

If you ever receive an unsolicited tech support call or pop-up, don’t immediately trust it. Reputable companies never approach customers this way. Always verify the contact through official channels, and never share your credentials or download software based on a cold call or random pop-up alert.


In the digital age, phishing remains one of the most effective methods used by fraudsters to steal personal information. By staying informed about common phishing techniques and always exercising caution when asked for sensitive information, you can considerably reduce your risk of falling prey to these scams.

Key Takeaways

  • Phishing is a cybercrime where individuals are contacted by email, telephone, or text message by someone posing as a legitimate institution to trick them into providing sensitive data.
  • Email scams, social media phishing, and tech support scams are common examples of phishing.
  • The best way to prevent phishing is through user education and awareness, verifying sources before providing sensitive information, and using security software.
  • Phishers usually instill a sense of urgency in their messages to provoke immediate action.
  • Reputable companies never ask for sensitive information through insecure methods like emails or pop-ups.

Related Questions

1. What should you do if you suspect you’ve received a phishing email?

If you suspect you’ve received a phishing email, do not respond or click on any links in the email. Instead, report the email to your email provider and then delete it.

2. How can you tell if a website is safe and not a phishing site?

Always look for the secure symbol, which is a lock icon in the address bar of your web browser. Also, the URL should start with ‘https://’ as the ‘s’ indicates that the website is secured with an SSL Certificate. These are signs that the website is safe and not a phishing site.

3. How can you protect yourself from phishing attacks on social media?

Never share personal or financial information through social media. Always log into your accounts by entering the website address into your browser directly rather than clicking on a link in a message or post.

4. How does anti-phishing software help?

Anti-phishing software provides an additional layer of protection by detecting phishing content in websites, emails, and other files. It can block access to phishing sites and prevent personal information from being sent to them.

5. Why is it called ‘phishing’?

The term ‘phishing’ is a play on the word ‘fishing,’ as the scammers are ‘fishing’ for personal information. The ‘ph’ is likely a nod to ‘phreaking’, a term used to describe the activity of hacking into telecommunication systems.

"Amateurs hack systems, professionals hack people."
-- Bruce Schneier, a renown computer security professional