What Is a Phishing Attack, and How Can You Stay Safe?

Cybercrime moves quickly, with new threats emerging all the time. However, some of the most prevalent issues you’ll encounter aren’t new, highly sophisticated technologies but tried and true methods whose popularity comes largely from their simplicity. That’s the case with a phishing attack, one of the oldest but still most popular types of cybercrime.

Phishing is nothing new, but it’s still the most frequently reported type of cybercrime by far. If you want to stay safe online, you need to be able to recognize and stop these attacks. The first step is learning what they are and how they work.

What Is a Phishing Attack?

A phishing attack is when someone poses as a legitimate source to trick you into giving away information or access. A common example is an email seeming to come from a brand you use asking to update your payment information. However, when you click the link to enter that data, it takes you to a different site where criminals can see and steal your credit card info.

Phishers pretend to be a wide range of people, but it’s usually always someone or something you trust, like a friend, employer or government agency. What they seek to get out of it can vary, too. Financial information is one of the most common targets, but some want personal details to commit synthetic identity fraud, and others want you to click a link that installs malware.

Whatever the specifics, the result is the same: people unknowingly give away what may take highly technical hacking techniques to get otherwise. Humans are naturally curious and want to avoid urgency, so these phony messages are remarkably effective.

How Can You Prevent Phishing?

Once you know how phishing attacks work, it’s easier to prevent them. Stopping these attacks is mostly a matter of knowing the telltale signs. If you can spot a phishing attempt, you’ll know not to respond to or click on it, rendering it ineffective.

Be suspicious of anything with unusual urgency. That’s a common trick phishers use to get people to panic and click without thinking. Common examples include updating payment information, receiving a prize from a contest you didn’t enter and legal action. As a side note for that last one, remember: the government will never ask for money or personal information over email, phone or text.

You can also spot a phishing attack by looking closer at the sender’s domain. Look up the legitimate website of the party it’s claiming to be from and see if they match. Be sure to look for small differences, like zero instead of an “o” or “.com” instead of “.org.” 

Similarly, you can hover your cursor over a link to see where it actually leads. If the address that pops up while hovering is different from what the link says, don’t click it.

Generic greetings like “dear customer” are also a red flag. However, spear phishing, which is more targeted, may use your real name, so don’t automatically trust anything just because it gets some details right. If you’re ever in doubt, you can contact the party the message claims to be from by another means like phone or text and ask them about it.

Finally, as a general rule, never give away personal information over email or text and never click a link from an unknown or unsolicited source. If in doubt, don’t trust it.

What to Do if You Fall for a Phishing Attack

Of course, everyone makes mistakes. Phishing attacks can be convincing, so you may have fallen for one. If you think you have, there are a few steps you can take.

First, use antivirus software to scan your computer to check for any malware you might’ve unknowingly downloaded. It’s also a good idea to back up any important files to the cloud or external drive so you can access them from another device.

If you think you have given away sensitive information, you can report it on IdentityTheft.gov so that security professionals can investigate. You can also contact your bank or a credit bureau to freeze your accounts to prevent unauthorized spending. Change your passwords on all online accounts to stop phishers from accessing them and causing more damage.

Stay Safe from Phishing

Phishing attacks are common and surprisingly effective, given their simplicity. However, if you know what to look out for, you can stay safe.

A good rule to follow when doing anything online is to verify everything and trust nothing. Taking a few seconds to review any message before believing it makes a big difference in your privacy and security.