Online Threat Alerts (OTA) - Alerting you to scams and frauds.

What is a Phishing Scam? Definition

A phishing scam is a type of cyberattack where criminals impersonate a trusted entity—like a bank, government agency, or a colleague—to trick you into sharing sensitive information. The name is a play on "fishing," as scammers use "lures" to catch unsuspecting victims.

How Phishing Scams Work

Scammers typically use social engineering—psychological manipulation designed to make you act without thinking.

  • The Lure: You receive an unsolicited email, text, or call that looks legitimate, often using official logos and branding.
  • The Hook: The message creates a sense of urgency or fear (e.g., "Your account will be suspended") or promises a reward (e.g., "You won a gift card").
  • The Action: You are prompted to click a link to a fake website that looks identical to a real one or to open an attachment that contains malware.
  • The Catch: Once you enter your credentials (passwords, PINs, or credit card numbers), the scammer steals them to commit identity theft or drain your accounts.

Types of Phishing Scams

| Type | Platform | Description |
|---|---|---|
| Email Phishing | Email | The most common form, sent in bulk to thousands of people. |
| Smishing | Text Message | Phishing via SMS, often pretending to be delivery services like FedEx or Amazon. |
| Vishing | Phone Call | Voice phishing where scammers use robocalls or live agents to extract data. |
| Spear Phishing | Targeted | A personalized attack aimed at a specific person or organization. |
| Quishing | QR Codes | Malicious QR codes that lead to fake websites when scanned. |

How to Spot a Scam

  • Urgent or Threatening Language: Demands for immediate action to avoid negative consequences.
  • Generic Greetings: Using "Dear Customer" or "Valued Member" instead of your actual name.
  • Mismatched URLs: Hovering over a link reveals a web address that doesn't match the official company site.
  • Poor Grammar/Spelling: Unusual phrasing or typos, though AI is making these harder to spot.
  • Suspicious Sender Address: The "From" field uses a slight misspelling (e.g., support@micr0soft.com instead of microsoft.com).
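
Several of the signs above (suspicious sender address, mismatched URLs, urgent language, generic greetings) can be checked automatically when triaging reported mail. The following Python is an added example, not part of the original article; the trusted-domain list, the phrase list, the function names and the sample message are assumptions constructed for illustration.

```python
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

TRUSTED = {"microsoft.com", "fedex.com", "amazon.com"}  # assumption: your own allow-list
SWAPS = str.maketrans("0135", "oles")  # digit-for-letter lookalikes
PHRASES = {"urgent language": ("account will be suspended", "you won"),
           "generic greeting": ("dear customer", "valued member")}

def lookalike_of(domain):
    """Return the trusted domain that `domain` imitates, or None."""
    skeleton = domain.lower().translate(SWAPS)
    return skeleton if domain.lower() not in TRUSTED and skeleton in TRUSTED else None

class LinkCollector(HTMLParser):  # collects (href, visible text) for each <a>
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def host(url):  # hostname of a full URL or bare domain, without a leading "www."
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower().removeprefix("www.")

def findings(from_header, html_body):
    out = []
    sender = parseaddr(from_header)[1].rpartition("@")[2]
    if (real := lookalike_of(sender)):
        out.append(f"sender domain {sender} imitates {real}")
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:  # compare only when the visible text looks like a URL
        if re.fullmatch(r"(https?://)?[\w.-]+\.[a-z]{2,}(/\S*)?", text, re.I) and host(text) != host(href):
            out.append(f"link shows {host(text)} but goes to {host(href)}")
    body = re.sub(r"<[^>]+>", " ", html_body).lower()
    return out + [f"{kind}: {p!r}" for kind, ps in PHRASES.items() for p in ps if p in body]

SAMPLE_FROM = "Microsoft Support <support@micr0soft.com>"  # constructed sample, not a real email
SAMPLE_BODY = ('<p>Dear Customer, your account will be suspended.</p>'
               '<a href="http://login.example.net/verify">www.microsoft.com</a>')
```

Calling findings(SAMPLE_FROM, SAMPLE_BODY) returns one finding per sign present in the sample; a message from a trusted sender whose link text matches its destination returns an empty list.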

What to Do If You Receive a Suspicious Message

  1. Don’t Click or Download: Avoid interacting with any links or attachments.
  2. Verify Directly: Contact the organization using a phone number or website you find independently—never use the contact info in the message.
  3. Report It: Forward phishing emails to the Anti-Phishing Working Group or use your email provider's "Report Phishing" tool.
