Phishing: What It Is and How to Avoid It

We’ve all likely heard the term “phishing,” and may have a vague idea that it’s a common email scam. But what exactly does phishing mean, and how can tools like a firewall, encryption, or a secure email service help protect our privacy?

What is Phishing?

By definition, phishing is the attempt to obtain others’ sensitive information through electronic communication. Though broad, that meaning suggests how wide-ranging phishing scams can be, as well as how extensive of an impact they can have.

The word “phishing” itself grew from the concept behind “fishing”: using bait to attract and trap a victim. In this case, those with malicious intentions typically turn to email to entice potential victims, often for their own monetary gain. Phishers frequently aim to have their victims enter their personal information — such as addresses, credit card information or Social Security numbers — that they can then use to steal money, commit identity fraud and carry out a host of other crimes. Phishing emails trick users into freely offering up their information by disguising their messages as originating from a known and trusted source, such as a social media site or a bank. Once users click through to the dummy site, it may look almost identical to the actual website, with the same colors, tabs and logos, yet the URL itself will be slightly different, a fact often lost to many users. Even if users don’t input their private information, many phishing sites are infected with malware, which can set off a cascade of problems for the user.

Ways to Prevent Email Phishing Scams

Phishing scams have exploded in recent years, but thankfully so have options to protect email users.

One of the most effective ways to avoid phishing is by using a secure email service. Messages sent through free, public email providers may pass through a number of middle men, are often stored externally and typically do not use encryption or other stringent security measures, all of which could set your account up for an intrusion. The more open your email is, the more at risk you are for being hit with a phishing scam.

There are a number of things to look for when selecting a secure email service, such as security preparedness: Does the service offer encryption, and keep your IP address anonymous? There are also subjective factors like cost, the company’s history and its reputation.

Beyond registering for a secure email service, users can also be proactive in preventing phishing. Always enable multi-factor authentication on all accounts that offer it, and select unique passwords, and change them regularly, to increase your security. Refraining from clicking on unknown emails is smart, but often isn’t enough to completely protect yourself from phishing.