Phishing is a social engineering attack designed to deceive you into handing over sensitive information or installing malware. Scammers typically pose as banks, payment services, retailers, or software companies and contact you via email, text message, or fake websites.
The attack works by creating urgency or fear. You might receive a message claiming your account has been compromised, a payment failed, or you've won a prize. The message contains a link to a fake website that looks almost identical to the real one. When you log in or enter your details, criminals capture them immediately.
Common phishing tactics include:
- Fake login pages for email, online banking, or social media
- Urgent requests to confirm payment information
- Links to "verify" your account after a supposed security breach
- Attachments claiming to be invoices or documents that contain malware
- Text messages ("smishing") asking you to click a link
Real-world example: You receive an email appearing to come from your bank, asking you to click a link and confirm your debit card details because of "suspicious activity". The email looks professional and uses your bank's logo. However, the link goes to a fake website, and any details you enter are sent to criminals.
What to look for when buying security software: Choose antivirus or security tools that include phishing protection. These scan email links and websites in real time, warn you before you visit known phishing sites, and filter suspicious emails. Some password managers also flag risky websites.
Phishing remains one of the most successful cybercrimes because it exploits human behaviour rather than technical flaws. No security software catches every phishing attempt, so your awareness is your best defence. Always verify URLs before entering credentials, and be sceptical of unexpected emails asking for sensitive information.