SecuritySecrets

What is Phishing and How Do You Spot It?

May 20, 2025 · 1 min read

Every second, somewhere in the world, someone clicks a link they shouldn't. That's the magic of phishing — a trick as old as email itself, dressed up in a new disguise every year.

So, what actually is phishing?

Phishing is when an attacker pretends to be someone you trust — your bank, a delivery company, your boss — to get you to do something you wouldn't normally do: click a link, download a file, or type in your password.

Think of it like a stranger knocking on your door wearing your neighbour's jacket.

The 5 signs that something's phishy

  1. Urgency. "Your account will be locked in 24 hours." Real companies don't threaten you into clicking.
  2. Weird sender address. support@amaz0n-security.com is not Amazon. Always check the domain.
  3. Hover before you click. On desktop, hover over a link to see where it actually goes.
  4. Generic greetings. "Dear customer" from your bank? Your bank knows your name.
  5. Attachments you didn't expect. A random PDF or ZIP? Don't open it.
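
Signs 2 and 3 can also be checked automatically. The Python example below is an added illustration, not part of the original post: it flags a sender domain that imitates a trusted brand and a link whose visible text names a different host than the one it opens. The trusted-domain list, the sample message and the link host `login.amaz0n-security.com` are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"amazon.com", "mybank.example"}  # assumption: domains you really use
SWAPS = str.maketrans("013457", "oleast")  # digit-for-letter swaps (0->o, 1->l, ...)

def classify_domain(domain):
    """Return 'trusted', 'lookalike' or 'unknown' for a lower-case domain."""
    if any(domain == t or domain.endswith("." + t) for t in TRUSTED):
        return "trusted"
    brands = {t.split(".")[0] for t in TRUSTED}
    return "lookalike" if any(b in domain.translate(SWAPS) for b in brands) else "unknown"

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self._text += data
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._text.strip(), self._href))
            self._href = None

def check_email(raw):
    """Return findings for sign 2 (sender domain) and sign 3 (link target)."""
    msg = message_from_string(raw)
    sender = parseaddr(msg["From"])[1].lower()
    verdict = classify_domain(sender.rpartition("@")[2])
    findings = [] if verdict == "trusted" else [f"sender domain {verdict}: {sender}"]
    collector = LinkCollector()
    collector.feed(msg.get_payload())
    for text, href in collector.links:
        real = (urlparse(href).hostname or "").removeprefix("www.")
        shown = re.search(r"(?:[a-z0-9-]+\.)+[a-z]{2,}", text.lower())
        shown = shown.group(0).removeprefix("www.") if shown else real
        if shown != real and not real.endswith("." + shown):
            findings.append(f"link shows {shown} but goes to {real}")
    return findings

# Constructed sample message, not a real email.
SAMPLE = ('From: Amazon Support <support@amaz0n-security.com>\n\n'
          '<p><a href="http://login.amaz0n-security.com/verify">www.amazon.com/account</a></p>')
```

Calling `check_email(SAMPLE)` returns two findings, one for the lookalike sender and one for the mismatched link. A message from a trusted domain whose links point where they say returns an empty list.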

What to do if you clicked something

Stay calm. Disconnect from Wi-Fi, change the password of the account involved (from a different device if possible), and enable two-factor authentication everywhere.

If you handed over a password, assume it's compromised. Change it immediately.

Quick exercise

Go to your inbox right now. Look at the last 5 marketing emails. Can you spot the sender's real domain? You just did a mini-threat assessment. Welcome to cybersecurity.
