What is phishing — risks, signs and how to protect yourself

Introduction — why knowing what is phishing matters

Phishing is one of the most common cyber threats affecting individuals, businesses and government agencies. Understanding what is phishing is important because these scams aim to steal credentials, money or sensitive data, and they often rely on human trust rather than technical flaws. As phishing becomes more sophisticated, everyday users and organisations must recognise the risk and take practical steps to reduce harm.

Main body — definition, methods and signs

Definition

Phishing is a social engineering technique where attackers impersonate a trusted person, company or service to trick victims into revealing information, clicking malicious links or opening infected attachments. The attacker’s goal can be credential theft, financial fraud, identity theft or installing malware.

Common techniques

Phishing appears in many forms: email remains the most frequent vector, but scams also arrive via SMS (smishing), voice calls (vishing), social media direct messages and fake websites. Attackers may use look‑alike domains, cloned login pages, or urgent‑sounding messages to pressure recipients into acting quickly.

Warning signs

Typical indicators of phishing include unexpected messages asking for passwords or payment, poor grammar or spelling, mismatched sender addresses, suspicious links or attachments, and requests to bypass normal security procedures. If a message creates undue urgency or asks you to verify credentials outside an official channel, treat it with caution.

Practical steps to protect yourself

Defend against phishing by enabling multi‑factor authentication (MFA) on important accounts, keeping software and browsers up to date, and using reputable security tools. Verify unexpected requests by contacting the organisation directly using known contact details, hover over links to check destinations before clicking, and avoid opening attachments from unknown sources. For businesses, regular staff training and simulated phishing exercises reduce risk.

Conclusion — significance and next steps

Phishing will remain a major vector for cybercrime because it exploits human behaviour. Staying informed about what is phishing and practising simple habits—MFA, careful link checking, software updates and reporting suspicious messages—greatly reduces the chance of falling victim. In Australia, suspected scams can be reported to Scamwatch (ACCC) or the Australian Cyber Security Centre (ACSC). Organisations should continue investing in user education and incident response to limit damage when phishing succeeds.