Understanding Phishing & How to Stay Safe
Phishing attacks are deceptive attempts to obtain sensitive information—such as usernames, passwords, credit card details, or personal data—by masquerading as a trustworthy entity. These attacks come in many forms, from emails and SMS messages to phone calls and even social media.
Common Phishing Indicators
- Urgent or threatening language urging immediate action.
- Suspicious sender address, often a misspelled or unrelated domain.
- Unexpected attachments or links that lead to unfamiliar websites.
- Requests for personal or financial information that legitimate organizations rarely ask for via email.
- Generic greetings such as “Dear Customer” instead of your name.
Tip: Always hover over links to view the actual URL before clicking.
Types of Phishing Attacks
- Email Phishing – Mass‑mailed fraudulent messages.
- Spear Phishing – Targeted attacks using personal information.
- Smishing – Phishing via SMS/text messages.
- Vishing – Voice call phishing (social engineering over the phone).
- Whaling – Targeting high‑level executives.
Best Practices to Protect Yourself
- Verify the sender’s email address and domain.
- Never share passwords or personal data through unsolicited messages.
- Enable multi‑factor authentication (MFA) wherever possible.
- Keep software and browsers up to date.
- Use reputable security solutions and regularly scan for malware.
Test Your Knowledge
Which of the following is a strong indicator of a phishing email?
What does "MFA" stand for?