What is phishing?

Phishing is when an attacker tricks you into opening a malicious link or email attachment by masking them as something interesting. Read on to find out about what is phishing and how you can stay safe.

Knowing what phishing is — the first step in protecting yourself

Online criminals use phishing attacks to get your personal details or login information. This is typically achieved by sending you to a web page that looks legitimate but is actually a phishing website. There you are tricked into giving your details to criminals. This information can then be used for account takeover or identity theft.

Phishing can also be used to infect your device with malware. The malware is masked as something intriguing, such as important documents, or viral cat videos. Anything goes, as long as it gets your attention. These types of viruses are called trojans after the Trojan horse of Greek mythology.

5 ways to avoid phishing scams

Anti-phishing measures start from knowing what phishing is and how it works. Here are 5 tips that can further help you avoid falling into phishing scams.

1. Remember that you are your greatest vulnerability

Nobody becomes a victim of a phishing scam without being tricked into implicating themselves. A successful phishing scam generally requires you to open a phishing email, click a link or open an attachment. Usually there are additional steps, like clicking “Enable Content” to allow a trojan or ransomware to infect your device or entering your private data into a scam form.

2. Understand that anyone can become a victim

Phishing scams are nowadays made by professional criminals and can be extremely hard to detect. Phishing attacks often feed on our desire for great news and our fear of bad things. For example, criminals know there is a high likelihood a victim, or a member of their household, may be expecting a delivery. And if we weren’t expecting something, we could be getting a gift. Phishing scams related to shipping are common especially during Christmas and Black Friday seasons.

3. The many types of phishing often involve credible-looking sources

The most common types of phishing are email attachments and links. Phishing attacks can also be sent in an SMS or instant message. Anything that enhances the credibility of a phishing attack helps the scam work, so quite often scams are sent using faked appearance of huge brands that you trust and expect communication from — like Amazon, your bank, FedEx or any other shipping company.

4. Beware of urgency

Phishing emails often lure you with urgency. An email that wants you to act with haste should trigger a warning. If it really were urgent, you wouldn’t be approached just by email or a message. In fact, sources like banks and credit card companies will never ask you to verify your card or information through email.

If they say it’s urgent, do the smart thing and don’t click. Pick up the phone to call the sender to see if the message is genuine. By the time you start dialing, you may have figured it out for yourself.

5. Trust your instinct

This might sound like a vague tip, but taking all the others into consideration, it’s the most crucial one. After all, not everything is a scam on the internet. The hard part is to tell the difference, and it’s up to you to do that. So, every time you encounter something suspicious, ask yourself: is this something you expect? Do you trust the source? Can you verify this somehow — for example, search the internet or call the sender? If the answer is no, then it’s better to be safe than sorry.

Do you want to protect yourself from phishing attacks?

With 30 years of experience, F‑Secure sees the online dangers you don’t. To take your anti-phishing measures to the next level, get F‑Secure TOTAL to keep you safe. TOTAL includes award-winning protection against viruses, ransomware, known phishing web­sites, and many other online threats. It also includes an unlimited VPN and a pass­word manager. You can try it for free for 30 days, with no credit card required.