Phishing is the attempt to trick you into taking an action that will give the attacker access to your information or resources.
This used to be done by sending out a mass e-mail to as many people as possible. Some people would end up opening it. Today, that kind of thing still happens. You’ve probably received e-mails that say your bank account, or your e-mail, has been suspended due to a problem with the account. Or perhaps it is about a problem with a FedEx delivery. You are instructed to click on a button or link to resolve the problem. If you do, the bad guy has “hooked” you.
But a great deal of today’s phishing is much more sophisticated. The person sending the e-mail has done their research and sends a very specifically crafted and well-targeted e-mail to just one person or to a very few people. It is so well done that it looks legitimate and is appropriate to the circumstances in the recipient’s life or work. The recipient may never suspect that it is malicious and that it can compromise their computer. Or they may discover it too late, after the “dastardly deed” has been done.
Even a well-informed and cautious person can find it difficult to determine whether one of these well-designed messages is a legitimate e-mail or a phishing attempt. But the first step toward not becoming a victim is to be aware of how sophisticated some of them are. That awareness might just give you the chance to question and then attempt to validate the e-mail before becoming “hooked.”