What Is
Phishing?
You’ve probably heard of phishing—but what exactly is it, and how can you protect yourself?
Phishing is a type of cyberattack where criminals use fake emails, texts, calls, or websites to trick you into sharing sensitive information, downloading malware, or exposing yourself to fraud.
Here’s how it typically unfolds:
- The attacker pretends to be someone you trust—a colleague, your boss, a government official, or a representative of a well-known company.
- They might send you an email, text message, or voice call, asking you to pay an invoice, open an attachment, click a link, or take some other seemingly harmless action.
- There is almost always a sense of urgency, as attackers want you to act quickly—before questioning whether the request is genuine.
- If you respond, they may gain access to sensitive information, install malware, or trick you into transferring money or credentials—often without you realising it.
What makes phishing especially dangerous is that it targets people—not systems. Attackers rely on human trust to bypass even the best security tools. Instead of hacking their way in, they manipulate someone who already has access—making it much easier to steal information, money, or more.
What should you do?
Stay cautious with unexpected messages or requests. If something feels off, it probably is. Don’t click suspicious links or open unexpected attachments. If you’re unsure, double-check the request with the sender using a known contact method. Staying alert is your best defence.