Phishing – when someone tries to trick you

Phishing is one of the most common and dangerous forms of digital fraud. It's pronounced like the English "fishing" – and that's exactly what it is: someone is trying to "fish" your information by luring you into doing something you shouldn't.

It often happens without drama – but with something that looks like ordinary communication. An email, a text message or a call pretending to be from someone you trust: the bank, the tax authorities, a colleague, your boss or a well-known company.

The point of phishing is simple: to get you to reveal something you would normally keep secret, or to make you click something that infects your device with malicious software – e.g. spyware, viruses or ransomware.

How does phishing work?

Phishing can look very different, but often follows this pattern:

  1. You receive a message that looks legitimate
  2. It tries to create pressure or panic:
    • "Your account will be closed!"
    • "There was a problem with your payment"
    • "You need to verify your information immediately"
  3. The message contains a link or an attachment
  4. If you click the link, you are taken to a fake website that looks real
  5. You are asked to enter information which is sent straight to the scammer
  6. Or: you are tricked into downloading a file that actually contains malware that can infect your computer or phone

In some cases you're called or contacted via social media – this is called vishing (voice phishing) or smishing (SMS phishing).

PHISING1

What are they trying to get?

Phishing is rarely about you personally – it's about access and money. Typically the attacker tries to obtain:

  • Passwords
  • Credit card details
  • Social security numbers
  • One-time codes sent to your phone
  • Documents or pictures from your email
  • Information from your workplace or internal systems
  • An opportunity to install malware that gives them access later

Some phishing attacks are highly targeted. This is called spear phishing, where the scammer uses information about you to make the message more convincing. They might know your job, your boss – or that you've just been on vacation.

PHISING2

How to recognize phishing

Many phishing attempts can fortunately be spotted if you know what to look for. Be especially aware if:

  • The sender seems suspicious or slightly off
  • The email contains spelling mistakes or strange wording
  • You're asked to click a link or open a file you weren't expecting
  • There's pressure on you to act quickly
  • The message seems too important, too threatening – or too "random"

Always check:

  • Who is the sender?
  • What exactly is the link you're supposed to click?
  • Is it normal for this person to ask you for this?

A single click or opened file can be enough. If you're in doubt – don't do it.

What can happen if you fall for it?

If you become a phishing victim, things can happen fast:

  • Your accounts can be taken over
  • Money can be stolen from your bank or e-wallet
  • Private documents or photos can be leaked
  • Malware can be installed and monitor your actions
  • Ransomware can lock your computer and demand payment
  • Your identity can be misused to scam others in your name

Often you only discover it after the damage is done.

How to protect yourself from phishing

Fortunately you can do a lot to avoid phishing. Here are some good tips:

  • Never click links you aren't 100% sure about
  • Check the sender's email address – even if the name looks correct
  • Never open attachments you weren't expecting
  • Never enter passwords via links in emails or messages
  • Use two-factor authentication – so the scammer can't log in even if you give away your password
  • Keep your software, browser and operating system updated
  • Use antivirus and browser protection that warns about dangerous sites

And most importantly: pause and think. Phishing works because it plays on our busyness and reflexes. A few seconds of thought can make all the difference.

PHISING3

It's not you – it's them

Phishing is nothing to be ashamed of falling for – it's something anyone can be hit by. Even trained staff and technicians have been fooled by professionally executed attacks.

Therefore the best protection is not perfection – but attention. If you know the signs and your own digital habits, you're already one step ahead of the scammer.

When you pause – and dare to doubt for just a moment – it's often enough to expose the scam.