A phishing attack is a type of cyber fraud where criminals send convincing but fake communications that appear to come from legitimate sources, such as your bank, email provider, or a company you use regularly. The goal is to manipulate you into clicking malicious links, downloading infected files, or entering passwords and personal data into fake websites.
Common phishing tactics include:
- Fake login pages that look identical to the real thing
- Urgent emails claiming your account will be closed or payment has failed
- Requests to "verify" or "confirm" your details
- Links that lead to credential-harvesting websites
- Attachments containing malware
Phishing works because it exploits human psychology rather than just technical vulnerabilities. A well-crafted phishing email can fool even security-conscious users if it creates a sense of urgency or uses legitimate branding.
To protect yourself, check the sender's email address carefully (criminals often use addresses that look similar but differ by one character), hover over links before clicking to see their real destination, and never enter passwords after clicking an email link. Legitimate companies will not ask you to verify sensitive information via email. Enable two-factor authentication on important accounts so that even if your password is stolen, a thief cannot access your account. Most email providers now flag suspicious messages, but this is not foolproof.
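The two manual checks above (a sender address one character off, and a link whose visible text differs from its real destination) can also be automated. The following is an added example, not part of the original article; the `TRUSTED` list, the `SAMPLE` message and all function names are assumptions made for illustration.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ("mybank.example",)  # assumed: domains the reader really deals with
SAMPLE = """From: My Bank <security@mybamk.example>
Content-Type: text/html

<a href="http://mybank.example.login-check.test/verify">https://mybank.example/login</a>
"""  # constructed message, not a real sample

def edit_distance(a, b):
    """Levenshtein distance using one rolling row."""
    row = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        prev, row[0] = row[0], i
        for j, cb in enumerate(b, 1):
            prev, row[j] = row[j], min(row[j] + 1, row[j - 1] + 1, prev + (ca != cb))
    return row[-1]

def host(s):
    """Hostname of a URL or URL-like visible text; '' if it is not one."""
    h = urlsplit(s if "://" in s else "//" + s).hostname or ""
    return h if "." in h and " " not in h else ""

class LinkParser(HTMLParser):  # collects (visible text, href) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def check_email(raw):  # returns findings for the sender check and the link check
    msg, parser = message_from_string(raw), LinkParser()
    sender = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    out = [f"sender {sender} is one character from {d}" for d in TRUSTED if edit_distance(sender, d) == 1]
    parser.feed(msg.get_payload())
    for text, href in parser.links:
        if host(text) and host(text) != host(href):
            out.append(f"link shows {host(text)} but goes to {host(href)}")
    return out
```

Calling `check_email(SAMPLE)` returns one finding for the look-alike sender domain and one for the link whose displayed address does not match where it leads.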
If you receive a suspected phishing email, report it to the organisation being impersonated and your email provider rather than replying to the message.
