Phishing: What is it, and how to avoid it

A person typing on a computer while hackers use phishing to steal a file from their computer
(Image credit: Shutterstock)

Phishing is, in its simplest definition, the process of attempting to bait a victim with fake email, text, social media, or instant messages that will convince a victim that the message is legitimate. They will then share private information that the bad actor can use in a variety of malicious ways including identity theft, stealing credentials and accounts, changing passwords and taking personal or financial information either for misuse or for sale.

Phishing can also be used to infect your device with malware so that threat actors can steal additional information later or commit other malicious actions. The important thing to remember is that phishing scams want to appear legitimate so they will seem to come from someone you know or a company you have business with and will often include an attachment or link to click on which will lead you to a malicious website or download.

Phishing doesn’t just occur over email, either. You may have heard of either ‘smishing’ or ‘vishing’ – the first is SMS text message attacks that are usually sent out to thousands of numbers at a time, the second is voice call attacks. There are usually automated phone calls that invite the users to click through to someone who can “help.”

Another term you may have heard is ‘spear phishing’ which is an attack that targets specific people – either a few or just one person. Those spear phishing messages will be tailored to that victim’s specific situation or experiences, either mentioning co-workers or company business that seems both legitimate and urgent.

The sense of urgency is common in phishing attacks, whether it's a text message that claims you have a lost package and need to click a link to get it delivered properly, an email that seems to come from inside your company claiming a payroll issue or even a phone call that claims to be from a government agency like the IRS claiming that you’re in trouble for unpaid taxes.

How you can stay safe

The best way to avoid getting phished is to know the common techniques and make sure you’re only giving away personal information to legitimate websites and companies. Never click on an unexpected link or attachment – if you know the sender, contact them directly to see what they sent and why before clicking through.

If a company contacts you about an urgent matter regarding your account, don’t click anything in an email, text or message. Instead go directly to their website in the browser’s address bar and type in their web address manually and enter in your log in details yourself. This way you can make sure you’ve got the company name spelled correctly; a common phishing technique is to misspell a company name with a “0” instead of an “o.”

Maintain best practices with your online accounts: Never reuse passwords, remember you can always use a password manager to help keep your passwords secure. Use two-factor authentication when possible. Keep one of the best antivirus software programs current, updated and running on all your devices – both your PC and even your mobile device. We have recommendations for the best Android antivirus apps if you don’t already have one installed. And for added protection make sure your antivirus program has a VPN, or offers a hardened browser for an added layer of security.

More from Tom's Guide

Network
Arrow
Intego
Norton
Contract Length
Arrow
Showing 2 of 2 deals
Filters
Arrow
Amber Bouman
Senior Editor Security

Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. 

Read more
A person sat at a computer and a tablet, coding
What is social engineering and how to avoid becoming a victim
iPhone 15 Pro Max shown in hand
iMessage under attack from scammers sending phishing messages — don’t fall for it
A hacker typing on a computer
FBI issues serious warning to iPhone and Android users — stop doing this ASAP
A hacker typing quickly on a keyboard
Hackers can steal your accounts, and all it takes is a double-click — don’t fall for this new form of clickjacking
Hooded cybercriminal sitting with laptop surround by hooks
New report details the brands that scammers like to impersonate most — and you'll definitely guess who's at the top
An image of a CAPTCHA
Hackers are using reCAPTCHA to trick users into infecting their own PCs with malware — how to stay safe
Latest in Online Security
An open lock depicting a data breach
Half a million teachers hit in major data breach with SSNs, financial data and more exposed — what to do now
Green skull on smartphone screen.
Malicious Android apps with 60 million installs bombarding phones with ads and phishing attacks — how to stay safe
Malware
Dangerous new password-stealing trojan automatically reinstalls itself on infected PCs
An FBI agent typing on a computer
FBI issues warning to millions of Americans to avoid these websites that can steal your passwords and banking info
How to delete TikTok
TikTok has rolled out a vital new security feature — here's how to use it
A hacker typing quickly on a keyboard
New MassJacker malware is hijacking digital wallets to steal large sums from users
Latest in Features
The outline of a hand holding a phone, wrapped in barbed wire to indicate censorship
What are anti-censorship features and how is Proton VPN leading the way?
Casetify Bounce Suitcase
I ditched my Away Carry-On for a bright red suitcase made by a phone case brand, and I was shocked by how much I liked it
Astell and Kern HB1
I just turned my wired audio headphones into Bluetooth cans with this DAC — and the sound quality is shockingly good
Bare feet poking out of the covers at the end of a bed
Twitching in your sleep? Expert shares 5 most common causes of hypnic jerks
Two people sit on top of the Plank Firm flippable double-sided mattress in a bedroom
I've been using a luxury mattress for a year and my sleep is better than ever — here's why
Half-Life 2 RTX
I just went back to Ravenholm in Half-Life 2 RTX — Nvidia’s new RTX remix tech makes it 10x more terrifying