How Phishing Works

The word “phishing” is pronounced in the same way as “fishing,” but looks different. This is the essence of phishing on the Internet: it is something that pretends to be something that it’s not in an attempt to gain access to sensitive information such as passwords, logins, usernames and financial data including credit card numbers and expiration dates. According to a report by Microsoft in 2014, the annual harm from phishing could be as much as USD$5 billion.

Phishers often try to gain access to sensitive information by sending out emails that look as if they come from legitimate companies such as eBay, PayPal, Bank of America and others. Today, hiring a designer and creating a webpage or an email that looks exactly like some other webpage or email is extremely easy. Therefore, you will not be able to tell a phishing email from a regular email simply by looking at the design and content.

Phishing emails also try to get your attention and scare you a little. For this reason, they often have subject lines such as “PayPal Important Notice About Your Account” or “eBay Critical Notice.” One difference you will see between a fake email and an email from a legitimate company is that a fake email is not likely to know the spelling of your legal name. For this reason, scammers are likely to use a salutation such as “Dear eBay user” instead of your name. However, even the use of your name is not a guarantee that the email is genuine, because you may be a high-profile target and scammers may already have collected a lot of information about you.

An email from phishers typically contains a link that they want you to click. It may also contain an attachment, or a phone number that the phishers want you to call. The good news is that most email service providers today, such as Gmail, Hotmail and others, are very safe platforms: unless you click on the links, call the number or open an attachment, the email itself is harmless.

The way to recognize a phishing email is to look not at the link text shown in the email, but at the address that appears in the browser address bar after you click the link. The address there will not be a legitimate address. For example, it will never be It will be, or something like that.
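As an added illustration of that check (example code written for this page, not part of the original article): a small Python checker that resolves the host a link really points to, rather than the text the email shows, and compares it against a constructed, assumed list of trusted domains.

```python
from urllib.parse import urlsplit

# Constructed for this example: the domains the reader actually trusts.
TRUSTED_DOMAINS = {"paypal.com", "ebay.com", "bankofamerica.com"}


def registrable_host(url: str) -> str:
    """Return the lowercase host the browser would really connect to.

    urlsplit(...).hostname drops user-info and the port, so a link such as
    'https://paypal.com@evil.example/' resolves to 'evil.example', not to the
    brand name that a naive substring search would find.
    """
    if "://" not in url:
        url = "http://" + url  # a bare host still needs a scheme to parse as netloc
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def host_belongs_to(host: str, domain: str) -> bool:
    """True only if host is the domain itself or a subdomain of it.

    Matching on a label boundary rejects 'paypal.com.evil.example' and
    'paypal.com-login.example', which merely contain the brand name.
    Look-alike characters (homoglyphs) are not handled here.
    """
    return host == domain or host.endswith("." + domain)


def is_trusted_link(url: str, trusted=TRUSTED_DOMAINS) -> bool:
    host = registrable_host(url)
    return any(host_belongs_to(host, d) for d in trusted)


def classify_link(display_text: str, href: str) -> str:
    """Compare what the email shows with where the link actually goes.

    Returns 'trusted', 'mismatch' (shown address differs from the real one)
    or 'untrusted' (real host is not on the trusted list).
    """
    looks_like_url = "." in display_text and " " not in display_text.strip()
    shown = registrable_host(display_text) if looks_like_url else ""
    real = registrable_host(href)
    if is_trusted_link(href):
        return "trusted"
    if shown and shown != real:
        return "mismatch"
    return "untrusted"


if __name__ == "__main__":
    # Constructed sample links of the kind a phishing email might carry.
    for text, href in [("https://www.paypal.com/", "https://secure-paypal.example/"),
                       ("Click here", "https://paypal.com@evil.example/login"),
                       ("https://www.ebay.com/", "https://www.ebay.com/signin")]:
        print(f"{text!r:28} -> {registrable_host(href):26} {classify_link(text, href)}")
```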