Home / Cybersecurity / Phishing
Cybersecurity

What is Phishing?

Phishing is a scam where someone pretends to be a trusted person, company, or service in order to trick you into giving away sensitive information, clicking a harmful link, or opening a dangerous file.

What it is

Phishing is one of the most common online attacks. It usually arrives through email, text message, fake websites, social media messages, or collaboration tools.

The goal is to make the message feel urgent or believable enough that the target acts before thinking carefully.

How it works

A phishing attempt often imitates a trusted brand, coworker, bank, delivery company, or login page. The attacker may ask you to reset a password, confirm a payment, review a document, or fix an account problem.

If the target clicks and enters credentials, payment details, or other data, the attacker can steal that information or use it to get further access.

Why it matters

Phishing matters because it targets people directly and often bypasses technical defenses by relying on human trust or urgency.

It can lead to stolen passwords, bank fraud, identity theft, malware infections, or account takeovers.

How to spot it

Common warning signs include urgent language, unexpected login requests, mismatched links, unusual sender addresses, spelling mistakes, and requests for sensitive information.

Even polished phishing attacks can look convincing, so it is important to verify before clicking.

Related questions

What is phishing in simple terms?

Phishing is when a scammer pretends to be trustworthy to trick you into giving information or clicking something harmful.

Can phishing happen by text or chat?

Yes. Phishing can happen through email, text message, direct message, collaboration apps, and fake websites.

What to learn next

What is Malware? What are Passkeys? What is Encryption?

Sources

Where to go next

Phishing is easier to understand when you connect it to nearby ideas instead of reading it in isolation.

Identity Hub

Continue with a closely related page, hub, or guided path.

Phishing

Continue with a closely related page, hub, or guided path.

Why this matters

This matters because security concepts affect account safety, privacy, access control, attack prevention, incident response, and how people protect systems and data.

Who this is for

This page is useful for beginners, business owners, IT learners, students, and anyone trying to understand practical digital security concepts.

Related hub

Cybersecurity Hub

Related pages

Next step

After this page, open a related security topic like phishing, MFA, zero trust, encryption, or email protection to connect this concept to a wider security model.

Frequently Asked Questions

What does this mean in simple terms?

It usually describes a control, risk, protection method, or security process used to reduce threats or improve trust.

Why is this important?

Because it helps people make better security decisions for accounts, devices, websites, and organizations.

What should I read next?

Use the related hub, related pages, or site search to continue through connected explanations.

How Phishing works

Phishing works by tricking a person into trusting a fake message, fake login page, fake attachment, or fake request. The attacker usually pretends to be a trusted company, coworker, bank, delivery service, or administrator. The goal is often to steal passwords, verification codes, payment details, or sensitive business information.

The attack succeeds when the message feels urgent, believable, and easy to act on before the person slows down and verifies it.

Real-world examples of Phishing

Common phishing examples include fake password reset emails, fake invoice requests, fake shared document links, fake package delivery alerts, fake bank security warnings, and impersonated executive emails asking for urgent payment or gift card purchases. SMS phishing and social media phishing use the same manipulation tactics in different channels.

Common phishing warning signs

  • Unexpected urgency or pressure
  • Links that go to lookalike domains
  • Requests for passwords, codes, or payment details
  • Messages that do not match normal tone or workflow
  • Attachments or login prompts you were not expecting

How to reduce phishing risk

The strongest protections usually include slower verification habits, multifactor authentication, password managers, strong email filtering, user training, and checking the real destination of links before signing in. In organizations, phishing risk also drops when payment approvals, password resets, and unusual requests require verification through a second trusted channel.

Why Phishing matters

Phishing matters because it is one of the most common and effective attack methods used against individuals and organizations. A single successful phishing message can lead to account takeover, payment fraud, data exposure, malware infection, or wider compromise inside a business environment.