How to Recognize Phishing Attacks

An illustration of a woman looking at a gift box, with an evil face on it, with a telescope.

The most common online threats facing hundreds of millions of users on a daily basis have to do with various social engineering schemes. At its core, social engineering is about tricking people into revealing sensitive information or breaking normal security procedures.

What is phishing?

Phishing attacks are among the most frequent social engineering schemes. They involve email, social media, SMS, or chat messages designed to trick people into sharing information that might help a more significant crime or installing malware by clicking a link or opening an attachment.

Most phishing attacks are conducted through generic mass messages that appear to be legitimate and come from a source that you would normally trust (e.g. from a government agency, bank, or social media service). But there are also phishing attacks targeting specific individuals or groups, and malicious actors are constantly innovating and changing their tools and tricks.

Types of phishing attacks

These are the most common types of phishing attacks:

  • Spear phishing is a type of fishing attack in which a malicious actor targets a specific person through email, social media, SMS, or chat messages that look convincingly like they come from someone the target knows – like a colleague or friend.
  • Whaling attacks are spear phishing attacks that target the “big fish”, such as heads of organizations and owners or chief editors of media organizations. Whaling attacks typically involve scam email messages that look like important email sent from government officials or partners from important organizations such as donor agencies.
  • SMiShing attacks involve SMS messages (texts). Scammers carrying out these attacks may impersonate someone you know to ask for money or personal information. Most often, people behind these attacks pose as a service you use (e.g. courier company or online shopping platform) to request a payment or offer an update. Increasingly often they pose as WhatsApp, Facebook or another social media company to ask you for the verification code that you receive via the platform.
  • Vishing attacks involve using voice calls. Scammers carrying out such attacks often pose as employees from government agencies. They normally use threats and convincing language to make victims feel as though they have no other option than to provide the information being requested.

Phishers target emotions

What is common to most phishing attacks is that they try to exploit powerful human emotions. These include:

  • Greed: attackers typically offer financial rewards or other incentives if you just click that link, open that attachment or complete that form.
  • Urgency: attackers create a sense of urgency with a tight deadline for action.
  • Curiosity: attackers lure a victim into clicking on a link by promising unique and interesting content.
  • Fear: attackers warn of negative consequences if you do not take action.

Spotting a phishing email

Phishing tactics are constantly evolving. Phishing emails often mimic the style and use real logos of legitimate organizations to fool you. Yet many phishing emails have one or several of the common features listed below that can help you spot such attacks:

  • Fake email addresses that look real to fool you. For example, attackers may pose as Amazon to try to steal your credentials by fooling you into “updating” or “confirming” your details. You should realize that something is off when that email comes from an address ending in or, rather than Also, it is worth keeping in mind that no legitimate and large organization will send you emails from an address ending in, or any other email platform designed for the general public.
  • Embedded links which, when you click on them, take you to fake websites seeded with malware. Never click on links without first checking where they take you. You can see the full website address by hovering your muse over a link.Before clicking on a link that you find even a tiny bit suspicious, scan it with a link scanner such as Norton Safe Web ( Use extra caution when dealing with shortened URL links. To check the real URL link behind a shortened one, use a free online service such as UnshortenIt (
  • Attachments that infect your device with malware once you open them. It is one of the most basic digital safety rules that you should never open attachments from senders you do not know or do not trust fully. Also, legitimate organizations will never send you attachments unless you specifically ask them to forward you something.
  • Poor grammar or weird language. Scammers using mass emails to carry out phishing attacks often target people in dozens of different countries. Instead of investing in translating their messages and customizing them to better target local audiences, they use free online translations services. As a result, phishing emails often use unnatural or plainly weird language and contain grammatical errors.
  • Generic salutation instead of your name. When an email begins with a generic salutation such as “Dear customer,” “Dear account holder,” or “Dear valued member,” this should immediately make you suspicious. Legitimate organizations contacting you will often know your name.