Phishing is a type of cyber attack where fraudulent emails are sent from fake addresses to steal a person’s sensitive information (such as usernames, passwords, or PINs).
An attacker (a “phisher”) impersonates trusted channels—email, phone, messenger apps, SMS, or other communication platforms—to trick users into revealing their account and personal information. Phishers may use stolen information to carry out further attacks, cause financial loss, or inflict emotional harm.
Common characteristics of fraudulent (phishing) emails include:
- The message contains logical errors, awkward phrasing, or spelling and grammar mistakes;
- The sender’s address is unclear or closely imitate that of a person or organization you know;
- The email requests personal or financial information;
- The email urges you to change your password or secret code—such messages are often phishing attempts;
- The email warns that your password has been changed or that payment/account details have been altered;
- The message claims you have won a large sum of money, an inheritance, or a prize;
- Phishing is often carried out using fake websites with look‑alike or spoofed domain names that imitate legitimate sites.