What is Phishing?

Phishing is a broad term for any method in which a “bad guy” sends you emails or messages while pretending to be somebody else, in order to trick you into revealing information or giving them access that they shouldn’t have.

This could be written communication sent via emails, text messages, DMs, or any other digital platform. The most common types of phishing are emails pretending to be anything from your bank, to a pizza restaurant, to major streaming platforms, to a person in a foreign country who is asking for help in retrieving a fortune. In each case, they want you to click on a link in the email. If you do click on it, the problems begin.

The link may take you to a page that is set up to look just like your bank, Facebook, or any other site. When you enter your credentials, though, they’re stolen by the person who put up the fake site. Clicking on a link could also install a virus or other malware on your computer. Phishing emails or messages may also direct you to call someone, and once you are on the phone they will try to get you to reveal personal information or logon details, or direct you to go to a site which looks legit but is malicious.

The term phishing is used because, much like fishing, attackers cast a wide net by sending their messages and emails to tons of people, hoping that some will fall for it. No individual person is being targeted. The use of AI in generating these emails - writing somewhat customized and more convincing text that often has fewer grammatical mistakes, as well as using a company’s logo - makes them much more believable than they were in earlier years.

The solution to this is: first, don’t click on links in emails or messages. In a better world, a legitimate link would be spelled out and you could copy-paste it. This way you’re seeing where you’re going and can verify that the domain (the blah.com in https://www.blah.com) is correct, and not bleh, or bloh, or other variations that may look ok if you’re not intentionally looking for anything odd. If addresses aren’t spelled out, then on a computer, you can hover your mouse over the link and either in a tooltip or in the bottom left of your screen you’ll see where the link is going.

If you’re expecting a link to be sent - e.g. you just requested a password reset link, or you just created an account and they said they’re sending a confirmation email with a verification link, that’s fine. But if you’re not expecting it, even from a known person, links should always be considered suspicious. Your best friend may just have been hacked or a victim of identity theft, so don’t automatically assume an individual sender is safe either.

Another tip: don’t open emails or text messages that are obviously suspicious. If your name is Joe and you get a text message or email saying, “Hey Sally, I have that check ready, where should I send it?” and you open it, the attacker now knows that you opened it and that you can be pulled in and tempted. Even if you didn’t fall for that one, they’ll now keep sending you more.

Stay safe! Be vigilant with your texts, emails, and DMs - and always be suspicious of links.

If you have questions, if you’d like to see specific topics taken up, or if you have general feedback, I’d like to hear from you! Email: [email protected].

Please share this newsletter with friends, family, colleagues, and everybody else you know. Our mission is to empower individuals and small businesses by democratizing basic cyber safety information so everyone can be safe without having to get professional level certification.

Anybody receiving this that has not yet subscribed, please do so at: https://newsletter.thecybersafety.company.

Peter Oram
Co-Founder, Chief Cyber Safety Officer
The Cyber Safety Company