Spotting the Fake

Anatomy of a Phishing Attack

What is Phishing?

Phishing is a digital trap. It's when an attacker sends you a fake email, text message (called "Smishing"), or instant message to trick you into revealing sensitive information. The goal is simple: steal your credentials.

You get an email from "Netflix" saying your payment failed. It looks real. It has the logo, the right colors. It urgently tells you to click a link to update your billing info.

You click. The website you land on looks *exactly* like the real Netflix login page. But it's a fake, a pixel-perfect clone. You enter your email and password. Nothing happens, or maybe it just redirects you to the real Netflix site.

You've just handed your password to a criminal. That password will now be tried on your bank, your email, and every other high-value account you have.

How to Spot the Phish

Your premium gadgets can't click for you. You are the final line of defense. Here's how you spot the con.

Your 5-Second Phishing Check:
  1. Check the Sender: Look at the *full* email address, not just the name. A real email from PayPal won't come from [email protected].
  2. Hover the Link: This is the most important check. Before you click, hover your mouse over the link. Look in the bottom-left corner of your browser. The link preview should go to a legitimate domain (like paypal.com). If it goes to paypal.login-portal.biz, it's a trap.
  3. Look for Urgency or Threats: Language like "Your account will be suspended," "Immediate action required," or "You've won a prize!" is designed to make you panic and not think. Real companies don't operate this way.
  4. Check for Generic Greetings: "Dear Valued Customer" is a red flag. Most legitimate services will use your actual name.
  5. Never Trust, Always Verify: If an email says your bank account is locked, do not click the link. Close the email. Open a new browser tab, go to your bank's website by typing the address yourself, and log in normally. If there's a real problem, you'll see it there.
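The "Hover the Link" check written out as code, to show exactly what "goes to a legitimate domain" means. This is an added example, not part of the original page; the function names, the sample URLs (built around the two lookalike hosts quoted on this page) and the bank.example domain are assumptions made for illustration.

```javascript
// Added example, not from the original page.
// Return the hostname a link really points to, or null if it is not a web link.
function linkHost(href) {
  let url;
  try {
    url = new URL(href);
  } catch {
    return null; // not a parseable absolute URL
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return null;
  return url.hostname.toLowerCase().replace(/\.$/, ""); // drop a trailing dot
}

// True only if host is the brand's domain itself or a subdomain of it.
// The leading "." matters: a bare endsWith("bank.example") would accept "mybank.example".
function belongsTo(host, brandDomain) {
  return host === brandDomain || host.endsWith("." + brandDomain);
}

// Compare where a link goes with the domain of the company the message claims to be from.
function checkLink(href, brandDomain) {
  const host = linkHost(href);
  if (host === null) return { ok: false, host, reason: "not a web link" };
  if (belongsTo(host, brandDomain)) {
    return { ok: true, host, reason: "link stays on " + brandDomain };
  }
  const brandName = brandDomain.split(".")[0];
  const reason = host.includes(brandName)
    ? "brand name appears inside a different domain"
    : "link goes to a different domain";
  return { ok: false, host, reason };
}

// Constructed samples: [link target, domain of the claimed sender].
const samples = [
  ["https://www.paypal.com/billing", "paypal.com"],
  ["https://paypal.login-portal.biz/update", "paypal.com"],
  ["https://apple-support.link/", "apple.com"],
  ["https://mybank.example/", "bank.example"],
];
for (const [href, brand] of samples) {
  const r = checkLink(href, brand);
  console.log(`${r.ok ? "OK  " : "TRAP"} ${r.host} (${r.reason})`);
}
```

What decides the verdict is the end of the hostname, not whether a familiar brand name appears somewhere in it.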

Beyond the Basics: The Evolved Phish

Phishing isn't just bulk spam anymore. It's gotten sophisticated.

Spear Phishing

This is a targeted attack. The scammer has done their homework. They know your name, your job title, and maybe even your boss's name. The email looks like it's from your IT department, asking you to "log in to the new company portal" (a fake site) to "verify your account details." This is how major corporate breaches start.

Smishing & Vishing

This is phishing, but over text (SMS) or voice. You get a text: "A new device has logged into your Apple account. If this was not you, secure your account here: apple-support.link." It's the same con, just on your phone. "Vishing" is a voice call, often a robo-call, trying to get you to press "1" to speak to a "fraud department agent."

The End Goal: Malware

Sometimes, the goal isn't just to steal your password. The link in the email might directly download a file. This file is malware, and once you run it, the attacker has a foothold on your machine. This is a common way to get infected with Ransomware.
