What Is Phishing? How Does it Affect You?

Mohammed Emran /
shutterstock 531057949

It’s possible that since becoming an active Internet user, you have heard of the term “phishing.” The term itself refers to a kind of fraudulent activity that affects users by scamming them through fake emails meant to come from a reputable company. 

Phishing started in the mid-90s, right when the Internet boomed and became popular among everyday households. It was easier to scam users because we knew little about online fraudulent activity. 

Nowadays, users are more aware of phishing attempts through emails trying to gain access to personal information like bank accounts and social security numbers. Still, the amount of phishing attacks is high despite all the security to protect sensitive information. It’s a matter of being able to correctly identify phishing attempts and what to do about it if you catch them. 

What Exactly Is Phishing?

Phishing is a crime in the form of a scam received through email, text message, or phone. The way phishing works is by a user receiving some type of phishing email that poses as a legitimate company. 

This “company” attempts to lure the customer into providing the phisher with personal information that they can later use to access username and passwords, credit card information, and any other sensitive user data. This can cause identity theft or financial loss. 

Common Features of Phishing

Phishing campaigns all have a tendency to exhibit features that are easily believable and that seem completely plausible to a user. 

  • Sense of Urgency – Most phishing messages will create a sense of urgency with the customer. It could be an offer to purchase something or a deadline to reply to a certain message. It’s a way to intimidate and manipulate customers into thinking that if they do not “act now,” they will lose whatever opportunity the scam is offering. 
  • Links – This is probably the most common way to entice someone into a phishing scam. The person receiving the phishing message will get curious about the offer presented and feel tempted to click on any links provided just to make sure that the offer is truthful. Often, even if the person hovers their cursor over the link, it might initially look like a legitimate URL, but with a closer look, you notice that there’s a slight misspelling or the link takes you to a completely different website than advertised. 
  • Too Good to Be True – Chances are that if the email you’re getting has a lot of incredible offers and information, it’s probably not true. This is a tactic used by phishing campaigns trying to use eye-catching statements and attention-grabbing proposals to get people to share their personal information. So, no, you probably did not win one million dollars. 
  • Weird Senders – Almost all phishing emails or messages you might get will come from a sender that you will not recognize or that has an unusual name or email address. Every once in a while, you might get an email from someone that you do actually know, but if their email seems odd, chances are their account got hacked and your friend is not really sending you an offer for a free car with a simple click on the link. 

Most Common Types of Phishing

Just like with everything, there are multiple types of phishing out there. However, there are particular types of phishing methods you should try to protect yourself from. 

Spear Phishing

This type of phishing aims to target individuals in a corporation or system administrators in big companies that have access to important financial information on a corporate level. The term “spear-phishing” stems from a fishing reference⸺when people fish with a pole, they can catch any kind of fish or item. However, when someone is fishing with a spear, they are looking to catch a particular fish, hence the term for this type of tactic. 

Spear phishing mostly comes as an email that looks formal enough to catch the attention of the person opening it. For example, the letter received might have a case number and a reference to a legitimate entity like the Better Business Bureau attempting to accuse the company of some type of violation. These are the scams that later result in data breaches that compromise, not just the company’s information, but also that of the users in their databases. 


Whaling literally goes after the “big fish.” This type of phishing is much more targeted and specific than spear phishing. It attacks the CEO of a company, for example, with a serious enough accusation that scares the person. It could be an alleged lawsuit that might affect the reputation, honor, and trust of a company. It will entice the person opening the correspondence to click on a link that will then ask the user to enter a specific set of data in order to access “more information” about the lawsuit. 


Though it may be slightly uncommon, you can still get phishing scams through text messages. A common strategy used by scams like this one is to send a text message to a user telling them that their bank information was compromised or exposed without their authorization. It will provide a link for the person to log into and type in their bank information for verification. This gives the attacker access and control over the user’s account and endangers their identity and financial access. 

How to Avoid Phishing Attacks

Phishing attacks happen, and they are more common than we might think. There are ways to prevent and protect our information from not only phishing attacks, but any other scam or virus out there that is trying to gain access to our personal information. 

  1. Multi-Factor Authentication
    While it gets a little tiring, and perhaps even annoying, to have to verify your identity multiple times when logging in to your bank account, this type of verification can save you a headache later by giving you an extra layer of protection from cyberattacks. Just in case someone ever gets a hold of your username and password, it’ll be extra hard for them to gain full access to your account by enabling multi-factor authentication on all of your personal logins.
  2. Automate Software Updates on Phones
    We all get the little pop-ups on our phones reminding us to update the software. The next time you get one, make sure you do it. Software updates normally bring forth changes that enhance the security of your phone and that fix security glitches that could have previously exposed users’ data to prying eyes.
  3. Security Software and Frequent Backups
    We should all have some type of security software installed on our computers to provide a firewall against phishing scams and hackers. These types of software will protect your information from security threats and give you peace of mind knowing that your information is safe. It doesn’t hurt to also perform frequent backups that are not connected to your home network. If someone hacks into your personal accounts, at least this offers a safe alternative to recovering your information without a second chance of exposure.