Phishing
Phishing
A fraudulent scheme that uses fake emails and websites to steal personal information such as passwords
In Simple Terms
Phishing is a scam that uses fake emails and websites to trick people into revealing their precious personal information. For example, an attacker might send a fake email pretending to be a well-known online retailer or bank, claiming something like "Your card has been used without authorization." They then direct you to a fake site that looks just like the real one, where you're prompted to enter your ID, password, and credit card number — and just like that, the attacker steals them all.
Behind the Name
Phishing. The name comes from "fishing" — the idea of luring users in like fish on a hook. The spelling uses "Ph" instead of "F" because it's thought to have been influenced by the hacker culture of the time, such as phreaking.
Take a Closer Look!
Phishing is a type of cyberattack in which criminals impersonate real companies or services through emails, SMS, or other messages to lure victims to fake websites and steal their personal information.
Credit card numbers, addresses, and login credentials such as IDs and passwords are common targets.
Attackers craft urgent-sounding messages like "Your account has been suspended" or "Your payment is incomplete" to pressure victims into visiting a fake site or entering their information.
These fake sites often copy the exact look and layout of the real official site, making it extremely difficult to spot the fraud just by looking at the page.
Beyond email, attackers may also reach out through social media direct messages, chat platforms, or by tricking victims into opening file attachments.
A widely recommended defense is to avoid clicking links in emails directly — instead, access sites through your saved bookmarks or the official app.
Developing the habit of checking whether a URL looks slightly different from the real one, and setting up two-factor authentication, also helps strengthen your security.
Spam filters and other system-level defenses continue to improve, but because phishing is specifically designed to slip past human judgment, staying protected requires both technical safeguards and user literacy working together.