Phishing: What It Is and How to Protect Yourself Against It

Learn all about phishing scams and how to protect yourself from them


Phishing is the act of tricking people into giving up personal information (usually financial information) through some form of communication. A phishing scam usually involves convincing a victim that the message they received (like an email or voicemail) is a legitimate communication from a trusted company or government agency.

What is Phishing?

According to cybersecurity company Malwarebytes, the word "phishing" alludes to the use of scam messages designed to lure and convince victims to give up their personal information. In this case, the scam messages are the "bait" and the victims who fall for the scam and give up their information are the "fish" the scammers are trying to hook.

But the scam messages themselves don't always have to be emails. Phishing scams or attacks can show up as different kinds of communications, like text messages or voicemails.

Phishing messages also don't only contain links to fake websites that can record your personal information. Sometimes phishing scams (using emails in particular) can also contain attachments or links housing malware or even ransomware.

Different Types of Phishing Scams

As we mentioned earlier, phishing scams don't just manifest as sketchy emails. There are variations of phishing, and they often use different methods of communication to deceive people into giving up their personal information.

These are a few of the different kinds of phishing scams:

Email Scams

You're probably most familiar with phishing emails. These emails are often designed to look like legitimate messages from a trusted organization like a government agency or bank.

These emails may ask you to divulge personal information and may direct you to select a provided link to a website. The website, however, is usually a fake website scammers can use to grab your username and password when you try to log in to it. This can be particularly troublesome if scammers are able to successfully use phishing emails to steal your logins for online banking or for other sites that deal with sensitive financial information.

Smishing

Smishing is a form of phishing conducted via text or SMS messages. Like phishing emails, smishing text messages will often ask you to tap a link within them, allowing scammers to grab your personal information.

Vishing

Vishing (also known as "voice phishing") is phishing that occurs via voicemails and phone calls. It's essentially a phone scam intended to trick or scare its victims into giving up personal information over the phone. Such stolen personal information can lead to the victim having their identity stolen, which in turn lets scammers do things like open new credit cards under the victim's name.

How to Protect Yourself Against Phishing Attacks

Even with the best spam filters and call blocker apps, you still might have to deal with phishing emails, vishing, and smishing attacks. When you do encounter them, here are a few ways to defend against their ill effects.

  1. Avoid links provided in phishing emails or text messages. As cybersecurity company Webroot notes, it's better to use a web address or link you found on your own via a web search or a web address for a company you've used before. If a message seems suspicious, don't select its links or attachments. Even if the message is "warning" you about a problem with your account, you can easily check your account status using a different link.

  2. Avoid and block unknown numbers from suspicious calls. When it comes to vishing or voice phishing, it's best not to answer phone calls from unknown callers, if possible. If an incoming call seems suspicious to you, or if a scammer leaves an odd voicemail, go ahead and block their phone numbers. Many phones come with the ability to block phone numbers, and you can also use call blocking apps.

  3. Don't download apps via text message. Just like you wouldn't select a link or attachment in an email scam, you shouldn't download apps from a text message. As cybersecurity company Norton by Symantec advises, apps you get via a trusted app store "have [vigorous] testing procedures to go through before they’re allowed in the marketplace," meaning app store apps are generally more trustworthy than a random download from a text message.