What is Phishing
Phishing is a type of fraud that uses fraudulent text messages, emails, phone calls, or other forms of communication to trick victims into revealing sensitive information. The ultimate goal of phishing scams is often to steal the victim's money or commit identity theft.
According to the Federal Trade Commission (FTC), scammers carry out thousands of phishing attacks every day, hoping to catch victims off guard. Fortunately, you can protect yourself by understanding what phishing is, the signs of a phishing scam, and how to avoid it. Here's what you need to know.
What is phishing?
Phishing is a type of scam that uses fake emails, text messages, phone calls, or other methods to steal a victim's information or money. Scammers typically impersonate trusted businesses or organizations (such as online shopping platforms, banks, or government officials) to carry out phishing attacks. They may try to defraud you or collect your personal data to steal your identity or sell it on the dark web.
How does phishing happen?
Phishing often uses social engineering tactics designed to pressure the target into acting quickly. For example, you might receive an email containing a fake invoice for $400 worth of printing equipment. The possibility of being charged a large amount may frighten you into quickly clicking a "View Order" link. That link might take you to a fake website asking for your bank account number or other sensitive personal information. Alternatively, it might download malware onto your computer.
Because scammers pressure you to act before you have a chance to consider their request, the best defense is to slow down before deciding whether and how to interact with the sender.
Types of phishing attacks
Phishing scams are an evolving threat, with criminals constantly updating their tactics and leveraging new technologies. Here is a breakdown of different types of phishing attacks based on the target and the communication method used by the scammer.
Spear Phishing: Spear phishing is a type of phishing that targets specific individuals or groups within an organization. It is the opposite of ordinary phishing, which sends out mass emails or texts indiscriminately, casting a wide net in hopes that someone will take the bait. Spear phishing, on the other hand, uses information that the scammer believes a particular individual will find interesting to trick them into opening an attachment or clicking a link.
Whaling: Whaling is a type of phishing attack that targets corporate executives, such as CEOs. These victims are highly valuable to criminals because they may have access to large amounts of sensitive data or funds.
Email Spoofing: Email spoofing is when a scammer forges an email to make it appear as if it comes from a trusted source, such as a company CEO or a popular online shopping platform. In reality, these emails are designed to steal information from you. They may also contain links or attachments containing malware.
Smishing: Smishing, a combination of "SMS" and "phishing," uses text messages to trick you into sharing sensitive data or clicking malicious links.
Vishing: Vishing, a combination of "voice" and "phishing," uses fraudulent phone calls to attack victims, often involving fake caller ID.
Quishing: Quishing is a relatively new form of phishing that uses QR codes to direct users to harmful websites. Scammers may place these malicious QR codes over real ones, such as on parking meters. Once you visit the site, you may be prompted to enter sensitive information, or your device may become infected with malware.
