Phishing, Its Signs, and Ways to Defend Yourself Against It

Phishing is a threat that not all people are aware of, but it’s a problem that persists now more than ever. According to StationX, over a trillion phishing emails are sent globally each year and a third of all data breaches involve phishing.

The greatest danger is that this fraudulent practice leads to serious consequences such as identity theft, financial losses, and emotional distress, among other things.

But what is it, how does it work, and how can you protect yourself? Let’s discuss below.

What Is Phishing?

Phishing is a scam where an attacker tricks an individual or organization into giving out sensitive info. The attacker usually poses as a legitimate entity such as a bank or charity or even a personal contact. They utilize a message, email attachment or link, or something else that can help steal identifiable information. Most phishing scams look innocent, but they are in fact very dangerous.

How Does Phishing Work?

The process of phishing is risky because of how elaborate it is. Here’s a look at how phishing can occur:

  1. The con artist will start by creating a message, usually via email or a messaging app, and pose as a legitimate organization or person.
  2. The message can contain anything, but usually the attacker asks the recipient to send personal and/or financial information.
  3. A link or attachment can appear in the communication. The potential victim may be encouraged to click that link or download the file.
  4. The attacker will then have full access to the recipient’s data if the recipient follows through. The file someone downloads might be a malware or ransomware program, or the link might require someone to provide sensitive data.

Emotional Responses Can Support a Phishing Scam

This process depends on the recipient’s emotional responses. Sometimes, a person might be encouraged to open something because it’s urgent, or it might be something that a person is generally curious about. Some people might also be trusting to the extent that they’re willing to open or download anything if they think that what they see is real.

What Venues Do Con Artists Use?

Here are the three common places where phishing takes place:

  1. Emails

The most widespread attack is email phishing, in which a con artist aims to gather info from other people via email platforms. Instead of targeting a single party, the attacker will reach many people with requests to send sensitive information like login credentials, SSN, bank account details, and more.

Spear phishing attacks are also common threats scammers use to gain access to data. Spear phishing is a fraudulent practice aimed at one person or organization. In this case, the message is crafted differently, as it has to target only one recipient.

  2. Text messages

Phishing can also occur through text messages (also known as smishing). The recipient might be asked to open a link, call a phone number, or send an email to a specific address listed in the text message. And the second they do, they automatically become potential victims.

According to HT Tech, hundreds of thousands of SMS attacks occur around the world each day. The rising use of smartphones for business and communication makes smishing even more commonplace, as not everyone checks messages for authenticity.

  3. Phone calls

Phishing scammers can also utilize telephone calls to attack others (also known as vishing). An automated or non-automated call can reach many phone numbers. This practice is one people often fall for because they assume that traditional phone communications are more trustworthy than online connections. The increasingly elaborate nature of text-to-speech programs also makes vishing harder to track.

The Most Common Signs of a Phishing Attack

Part of working to keep phishing from being a threat includes phishing awareness and understanding the risks involved. Many people facing phishing aren’t fully aware they’re being targeted. In addition to people not being aware of the signs of phishing, they also frequently assume that the links and content they receive make sense. Some might believe that the message or call is relevant to many things in their lives or are just willing to trust it at face value. But it’ll be easier to avoid phishing when you know the signs of it, especially as attacks become increasingly sophisticated. Here’s what to watch out for:

  1. An unfamiliar tone

The message, email, or phone call you receive might sound different from what you normally get. If anything you read or hear sounds unlike regular communications, it’s probably a phishing attempt. Any suspicious requests must be carefully reviewed before you click on any links or download any attachments.

  2. Various errors

Many phishing messages have misspellings or grammatical errors. A professional business will use spellchecking or grammar-reviewing programs for their messages and won’t write an email with obvious errors.

  3. Unusual email addresses and website domains

Phishing content often comes from an email address or website with an unusual name. There might be a misspelling in the domain name, or, in the case of vishing, you might get a call from a number with an area code you don’t recognize.

As an example, during the 2022 World Cup, multiple groups created schemes to gather information from others. Some groups ran phishing website pages or sent emails with subject lines like “Free World Cup 2022 Tickets” or “2022 World Cup Jobs in Qatar.” Scammers took data sent in by people looking for tickets to games or jobs in Qatar, including sensitive content like credit card numbers. Many people were highly anticipating the event and didn’t suspect anything when they were asked to provide personal details.

  4. General threats

One common phishing tactic involves threatening language. You might be told to do something or suffer significant consequences for not following orders. For example, in 2024, residents of San Bernardino County, California, were warned about a vishing scam where potential victims were told that their driver’s licenses could be suspended if they didn’t make urgent payments. This is a classic example of a phishing scam.

  5. Surprise attachments

This next concern relates to attacks on emails and instant messaging platforms. A phishing email or message might include a file attachment that could be ransomware or malware. This attachment can come from an address you don’t know or from an address that mimics the one you’re familiar with.

  6. Request for data or money

Many phishing attempts also include direct requests for specific data like Social Security numbers or credit card details. Some messages also scare people into sending money to scammers. Such messages should especially be treated with suspicion if you didn’t specifically request anything of this kind from someone.

How to Defend Yourself Against a Phishing Scam

You can use the following steps to protect yourself:

  1. Be aware of what a phishing attack looks like

Make sure you’re aware of the signs of a phishing attack. If the message or call requires you to provide personal information, looks unprofessional, or isn’t something you expected, it’s likely a scam.

  2. Use proper security software

You can use various security programs to identify viruses, malware, and other outside threats on your computer or mobile phone. Antivirus programs in particular can spot things like spam emails or messages that are different from the norm.

  3. Never give out your personal information (even if you think the source is legitimate)

Instead of revealing your personal information via suspicious emails, messages, or phone calls, reach out to the person or organization directly and ask if they’re the ones requesting the data. If not, block the email or number you’ve been contacted from.

  4. Find out who’s sending you suspicious messages or emails or calling you

If you’re uncertain about the source of a message, email, or phone call, Nuwber will help you figure out who it’s from. Simply reverse search the email address or phone number to trace its owner.

Conclusion

Phishing is evolving, so it’s essential to learn how to keep phishing attacks under control. Whenever you receive threats, payment requests, or suspicious attachments from an unfamiliar sender whose message has grammatical errors or an unusual tone, it’s a huge sign to step back and think twice before interacting with them.

Phishing is a serious matter, as it can lead to identity theft, financial losses, and, in the case of businesses, reputational damage. That’s why it’s important to be as careful as possible.

FAQ

What are the common types of phishing?

Email phishing, smishing, vishing, spear phishing, and whaling are some of the common types of phishing. Even though they’re executed on different platforms, the signs are practically always the same.

What are scammers likely to request?

Scammers are likely to request personal data like credit card details, Social Security number, login credentials, driver’s license numbers, and other information that shouldn’t be shared with others.

Can I click on a link in a phishing email even if I won’t enter the info?

No. Clicking on a link can download malware or spyware. Some links look innocent to the extent that they can get past spam filters and trick users into clicking on them. The best option is to ignore unsolicited messages.

How to tell the difference between a legitimate email address and an illegitimate one?

The email address sending the malicious message might be slightly misspelled by one letter or have a different extension. You can also try searching your mailbox for earlier communication with the email address in question. If you’re sure that you’ve already interacted with it but there’s nothing you can find, there’s a high possibility that the new email address is illegitimate.

Why should I use Nuwber to determine the source of a message or call?

Nuwber is an efficient platform to determine who the message, email, or call came from. The data it provides is accurate and up-to-date. Plus, you’ll find additional info about the sender or caller, including their location, age, and even criminal records, which will help you see a bigger picture.

Eugene Kirdzei

Chief Technical Officer at Nuwber
With nearly two decades of experience in the IT industry, Eugene possesses comprehensive knowledge across his professional field, including in data management, data protection, and information search. Through his writing, he aims to provide valuable insights and practical advice on how to safely explore the online environment and leverage digital tools to enhance people’s lives.