The Most Common Cyberattack You'll Ever Face
Phishing is one of the oldest tricks in cybercrime — and it remains one of the most effective. Despite advances in security technology, phishing attacks continue to catch millions of people off guard every year because they exploit human psychology, not software vulnerabilities.
What Is Phishing?
Phishing is a type of social engineering attack where a cybercriminal impersonates a trusted entity — a bank, a tech company, a colleague, or a government agency — to trick you into handing over sensitive information or into taking an action that helps them, such as opening an attachment or approving a login prompt. The information they are after includes passwords and one-time codes, credit card numbers, Social Security numbers, and other account credentials.
The name is a play on "fishing" — attackers cast a wide net hoping someone will take the bait.
Common Types of Phishing
- Email phishing: The classic. A fake email from "your bank" or "PayPal" urges you to verify your account by clicking a link.
- Spear phishing: A targeted attack using your name, company, or personal details to seem more convincing.
- Smishing: Phishing via SMS text message. "Your package could not be delivered — click here."
- Vishing: Voice phishing — a phone call pretending to be the IRS, Microsoft support, or your bank.
- Clone phishing: A copy of a legitimate email you previously received, but with malicious links swapped in.
How to Spot a Phishing Attempt
Check the Sender's Address
The display name is free text chosen by the sender, so it might say "PayPal Support" while the actual address is something like support@paypa1-secure.net (note the digit 1 in place of the letter l). Always look at the full address, not just the name, and read the part after the @ from the right: only the registered domain counts, so paypal.com.secure-login.net belongs to secure-login.net, not to PayPal. Mobile mail apps often hide the address behind the name; tap the name to reveal it. Bear in mind that a forged message can even show the real domain if the receiving mail system does not enforce SPF, DKIM and DMARC, so a correct-looking address is a necessary sign of legitimacy, not a sufficient one.
Look for Urgency and Fear Tactics
Phrases like "Your account will be suspended in 24 hours" or "Immediate action required" are designed to make you panic and act without thinking. Legitimate organizations rarely communicate this way.
Hover Over Links Before Clicking
Before clicking any link in an email, hover over it (on a phone, long-press it) to see the actual destination; the visible link text can say one thing while the underlying address goes somewhere else. Read the host part of the URL, between https:// and the next slash, and judge it by its registered domain: www.paypal.com is PayPal, but paypal.com.secure-login.net and paypal.com@evil-site.net are not. If the destination doesn't match the company's real domain, or the link goes through a URL shortener that hides it, don't click it; type the address you already know into your browser instead.
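The two checks above, reading the sender's real domain and reading where a link really goes, can be automated. The script below is an added example, not code from the article; it assumes the impersonated brand is PayPal with the real domain paypal.com, and the From header and HTML body it inspects are constructed for the example.

```python
"""Added example (not from the article): automating the "read the full sender
address" and "hover over links" checks on a constructed sample message.
Assumptions: the brand being impersonated is PayPal and its real domain is
paypal.com; the sample header and HTML body below are invented."""
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "paypal.com"          # assumption: the brand's real domain
BRAND = TRUSTED_DOMAIN.split(".")[0]   # "paypal"

# Digit-for-letter swaps commonly used in look-alike domains (paypa1, g00gle).
LOOKALIKE = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def classify_host(host: str) -> str:
    """Judge a hostname against the trusted domain.

    'trusted'   : the domain itself or a subdomain of it (www.paypal.com).
    'lookalike' : the brand name appears but the registered domain differs
                  (paypal.com.secure-login.net, paypa1-secure.net).
    'unrelated' : no resemblance at all.
    """
    host = host.lower().rstrip(".")
    if host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN):
        return "trusted"
    if BRAND in host.translate(LOOKALIKE):
        return "lookalike"
    return "unrelated"


def check_sender(from_header: str) -> dict:
    """Separate the free-form display name from the real address and judge
    only the part after the '@', which is the part the article says to read."""
    name, addr = parseaddr(from_header)
    domain = addr.rpartition("@")[2]
    return {"display_name": name, "address": addr,
            "verdict": classify_host(domain) if domain else "unrelated"}


def check_link(href: str) -> dict:
    """Judge where a link really goes. urlsplit().hostname discards any
    'user@' prefix, so https://paypal.com@evil.net/ is judged as evil.net;
    a brand name left in that prefix or in the path is then treated as a decoy."""
    host = urlsplit(href).hostname or ""
    verdict = classify_host(host)
    if verdict == "unrelated" and BRAND in href.lower().translate(LOOKALIKE):
        verdict = "lookalike"
    return {"href": href, "host": host, "verdict": verdict}


class _LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from <a> tags."""
    def __init__(self):
        super().__init__()
        self.links, self._cur = [], None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._cur = [dict(attrs).get("href", ""), ""]

    def handle_data(self, data):
        if self._cur is not None:
            self._cur[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._cur is not None:
            self.links.append(tuple(self._cur))
            self._cur = None


def check_links_in_html(html: str) -> list:
    """Return one verdict per link, flagging links whose visible text shows a
    trusted URL while the href points elsewhere (what hovering reveals)."""
    parser = _LinkExtractor()
    parser.feed(html)
    results = []
    for href, text in parser.links:
        r = check_link(href)
        r["text"] = text.strip()
        shown_host = urlsplit(r["text"]).hostname or ""
        r["text_mismatch"] = (bool(shown_host)
                              and classify_host(shown_host) == "trusted"
                              and r["verdict"] != "trusted")
        results.append(r)
    return results


# Constructed sample message (not a real phishing email).
SAMPLE_FROM = '"PayPal Support" <support@paypa1-secure.net>'
SAMPLE_HTML = """
<p>Your account will be suspended in 24 hours.</p>
<a href="https://www.paypal.com.secure-login.net/verify">https://www.paypal.com/verify</a>
<a href="https://paypal.com@198.51.100.7/login">Confirm your identity</a>
<a href="https://www.paypal.com/help">Help Center</a>
"""

if __name__ == "__main__":
    print(check_sender(SAMPLE_FROM))
    for result in check_links_in_html(SAMPLE_HTML):
        print(result)
```

The check is deliberately conservative: any host that merely contains the brand name is reported as a look-alike, so a brand's own secondary domains would also be flagged. A production filter would resolve the registered domain with the Public Suffix List rather than by string matching, but for a reader deciding whether to click, "not the domain I know" is the right threshold.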
Watch for Poor Grammar and Generic Greetings
While AI has made phishing emails more polished, many still contain spelling errors or use generic greetings like "Dear Customer" instead of your actual name.
Unexpected Attachments
Be extremely cautious with unexpected email attachments — especially executables (.exe), archives (.zip, which can carry an executable inside), and macro-enabled Office files (.docm, .xlsm). These are common malware delivery vectors, and attackers often disguise them with double extensions such as invoice.pdf.exe so that only the harmless-looking part is noticed. If you did not ask for the file, confirm with the sender through another channel before opening it.
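A small filename check for the attachment types mentioned above, as an added example that is not part of the article. The set of risky extensions is this example's own choice (the four the text names), and the filenames it is run on are constructed; it also handles the double-extension disguise and the right-to-left override character (U+202E), which some attackers place in a filename so that a mail client displays the extension reversed.

```python
"""Added example (not from the article): flag attachment names that match the
extensions the text warns about, seeing through two common disguises.
Assumptions: RISKY_EXTENSIONS is this example's own list; filenames are constructed."""
import os

RISKY_EXTENSIONS = {".exe", ".zip", ".docm", ".xlsm"}   # assumption: example's own list

# U+202E reverses the display of what follows it, so "invoice\u202efdp.exe"
# is shown to the user as "invoiceexe.pdf" while the real extension is .exe.
RTLO = "\u202e"


def risky_attachment(filename: str) -> dict:
    """Report why a filename is risky, judging the real final extension."""
    reasons = []
    if RTLO in filename:
        reasons.append("right-to-left override hides the true extension")
        filename = filename.replace(RTLO, "")
    root, ext = os.path.splitext(filename.lower())
    if ext in RISKY_EXTENSIONS:
        reasons.append(f"extension {ext} is a common malware carrier")
        inner = os.path.splitext(root)[1]          # e.g. ".pdf" in invoice.pdf.exe
        if inner:
            reasons.append(f"double extension disguises {ext} as {inner}")
    return {"filename": filename, "extension": ext,
            "risky": bool(reasons), "reasons": reasons}


if __name__ == "__main__":
    # Constructed attachment names, not taken from any real message.
    for name in ("report.pdf", "invoice.pdf.exe", "Q3-figures.xlsm",
                 "photos.zip", "invoice\u202efdp.exe"):
        print(risky_attachment(name))
```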
What to Do If You Suspect Phishing
- Do not click any links or download attachments.
- Do not reply to the message.
- Report it as phishing in your email client (Gmail and Outlook both have this option). At work, also forward it to your security team so they can block it for everyone who received it.
- If it appears to be from a real company, contact that company directly through their official website.
- If you clicked a link or entered your details, change that password immediately (and anywhere else you reuse it), sign out of all sessions for the account, and run a malware scan. If you opened an attachment on a work device, report it to your IT or security team straight away so they can check the device and find other recipients of the same message.
Protecting Yourself Long-Term
- Enable multi-factor authentication (MFA) on all important accounts. Even if your password is stolen, MFA adds a critical extra layer. Where offered, prefer a hardware security key or passkey over a code sent by SMS or email: a one-time code can be typed into a convincing fake site and relayed to the real one within seconds, while a security key only works on the genuine domain.
- Use a password manager. It fills credentials only on the exact site they were saved for, so if it refuses to autofill on a page that looks like your bank, treat that as a warning sign rather than typing the password in by hand.
- Keep your operating system, browser and office software updated so that a malicious attachment or link cannot exploit a vulnerability that has already been patched.
- Stay educated — phishing tactics evolve constantly. Awareness is your best defence.
Phishing works because it targets trust. The best protection isn't just software — it's a healthy dose of scepticism and knowing what red flags to look for.