Published May 23, 2023. Updated Sep 7, 2023.

Phishing is a form of fraud that aims to trick users into sharing sensitive information or personal data, or into downloading malware. Phishing can happen through many channels, including emails, text messages, voice messages, phone calls, or social media. Phishing is one of the most common types of cyber attacks, and it relies on social engineering to defraud users.

Consequences of Phishing

Phishing can harm users in many ways, with a wide range of severity. Successful phishing attacks can result in the following:

  • Identity theft,
  • Financial loss,
  • Damage to hardware (e.g. laptop) or software,
  • Damage to personal or business reputation.

Types of Phishing

Phishing can happen through any communication channel, and usually, the attacker pretends to be a person or organization the user recognizes or trusts. The following table contains the different types of phishing techniques:

| Type of Phishing | Definition |
| --- | --- |
| Bulk Phishing Emails | Deceptive messages sent to a large number of recipients, impersonating legitimate organizations or people to obtain sensitive information or infect devices with malware. This is the most commonly used type of phishing technique. |
| Spear Phishing | Personalized, fraudulent emails that trick users into revealing sensitive information or performing malicious actions. |
| Business Email Compromise | Manipulated or compromised legitimate email accounts within a business or organization that are used to deceive employees or customers into sharing sensitive information or making financial transactions. |
| SMS Phishing | Phishing through SMS or phone text messages. |
| Voice Phishing | Phishing through phone calls or voice messages. |
| Social Media Phishing | Impersonated or compromised accounts of individuals or organizations on social media platforms that try to trick users into revealing personal information or manipulate them into downloading harmful content. |
| App or In-App Phishing | Phishing that occurs within a mobile or web application through deceptive, fraudulent interfaces. |

Signs of Phishing

Although phishing emails or messages can be persuasive and take many forms, they often share certain characteristics that can help identify fraudulent content. These characteristics are:

  • Unusual or unknown sender,
  • Generic greeting,
  • Poor spelling and typos,
  • Deals, giveaways, or winning something,
  • Request for personal information,
  • Request for sending money,
  • Request to complete actions urgently,
  • Unrealistic negative consequences of completing actions,
  • File attachments,
  • Links or shortened links in the message.
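
The signs above can be checked mechanically as a first-pass triage step. The following is an added example, not part of the original page: the function name, word patterns, shortener list, and sample message are all assumptions made for illustration.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr

# Illustrative patterns (assumptions, not a complete ruleset). The spelling
# sign is left out because it needs a dictionary.
TEXT_SIGNS = {
    "generic greeting": r"^\s*dear (customer|user|client|member|sir|madam)\b",
    "deal or prize": r"\b(you have won|winner|free gift|giveaway|prize)\b",
    "request for personal information": r"\b(password|pin|card number|date of birth)\b",
    "request for money": r"\b(wire transfer|gift cards?|send money)\b",
    "urgency": r"\b(urgent(ly)?|immediately|right away|within \d+ hours?)\b",
    "threatened consequences": r"\b(suspended|terminated|locked|legal action)\b",
}
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl", "is.gd"}
URL_HOST = re.compile(r"https?://([^/\s:>\"']+)", re.I)

def phishing_signs(msg, known_senders):
    """Return the sorted list of signs found in an EmailMessage."""
    found = set()
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender not in known_senders:  # known_senders: lowercase address book
        found.add("unknown sender")
    part = msg.get_body(preferencelist=("plain",))
    body = part.get_content() if part else ""
    text = f"{msg.get('Subject', '')}\n{body}"
    for name, pattern in TEXT_SIGNS.items():
        if re.search(pattern, text, re.I | re.M):
            found.add(name)
    hosts = {h.lower() for h in URL_HOST.findall(body)}
    if hosts:
        found.add("link")
    if hosts & SHORTENERS:
        found.add("shortened link")
    if list(msg.iter_attachments()):
        found.add("attachment")
    return sorted(found)

def sample_message():
    """Constructed sample; every address, host and file name is made up."""
    m = EmailMessage()
    m["From"] = "Account Team <security@billing-alerts.example>"
    m["Subject"] = "Urgent: verify your account"
    m.set_content("Dear customer,\n\nYour account will be suspended within 24 hours.\n"
                  "Confirm your password at https://bit.ly/3xAmPle right away.\n")
    m.add_attachment(b"constructed", maintype="application",
                     subtype="octet-stream", filename="invoice.zip")
    return m
```

Calling `phishing_signs(sample_message(), {"it-helpdesk@example.org"})` returns the names of the signs that matched. A match is a reason to look closer, not proof of fraud, since legitimate mail also carries links and attachments.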

Phishing Prevention

As phishing attacks continuously evolve, it is important to be prepared to prevent them. The following best practices can help to reduce the risk of phishing attacks:

  • Awareness and continued education on phishing techniques,
  • Staying alert and being cautious before taking actions (e.g. clicking links or providing information),
  • Regularly installing software updates,
  • Frequently changing passwords.

The following tools can support users in preventing phishing:
