What is phishing and how to protect yourself

Introduction: Why understanding what is phishing matters

Phishing is a leading cause of online fraud and data breaches. Knowing what is phishing — and why it remains a threat — is important for individuals, businesses and government agencies. Phishing attacks aim to trick people into revealing personal or financial information, downloading malware, or authorising payments. For Australians increasingly reliant on digital services, recognising these threats helps prevent financial loss and identity theft.

Main body: How phishing works and common indicators

What phishing looks like

Phishing typically arrives by email, but also through SMS (smishing), phone calls (vishing), social media messages and compromised websites. Attackers impersonate trusted organisations — banks, utilities, government services or well-known companies — to create urgency or fear. Messages may request credential updates, claim there is a problem with an account, or offer a time-limited reward.

Common signs of a phishing attempt

• Unexpected requests for passwords, banking details or personal identifiers;
• Generic greetings rather than personalised contact;
• Spelling and grammar errors or odd phrasing;
• Links that don’t match the display text or lead to unfamiliar domains;
• Attachments that prompt immediate action or macros.

How attackers exploit trust

Phishers use social engineering to exploit human behaviour: urgency, curiosity and fear. They may spoof sender addresses, clone legitimate websites, or use compromised accounts to reach contacts. Multifactor authentication (MFA) can reduce risk, but sophisticated campaigns sometimes bypass simple protections.

What to do if you suspect phishing

Do not click links or open attachments. Verify requests by contacting the organisation directly using known contact details. Change passwords via official websites and enable MFA. Report scams to relevant authorities — in Australia, consider reporting to Scamwatch and your bank.

Conclusion: Implications and practical steps

Understanding what is phishing helps readers reduce exposure to online scams. The threat is likely to evolve as attackers refine social engineering techniques, so ongoing vigilance, software updates, employee training and strong authentication are essential. For individuals, simple habits — checking URLs, verifying senders and reporting suspicious messages — make a significant difference in staying safe online.