Phishing
What is Phishing?
Phishing is a deceptive technique used by malicious actors to trick individuals into revealing sensitive information such as passwords, credit card numbers, or personal data by posing as a trustworthy entity via email, websites, or messages. It exploits cognitive biases like authority and urgency to bypass rational decision-making and prompt quick, often risky, actions. In the digital landscape, phishing also undermines user trust and can significantly impact website credibility and SEO performance.
The Basic Idea
We’ve all been there. You’re checking your email when suddenly: jackpot! You’ve won a brand new iPhone 19 (does that even exist yet?) from a contest. You don’t remember entering, but your hopes are up because surely you must have entered something at one point, given how often you sign up for things online…
Or maybe you’ve had the privilege of being contacted by a Nigerian prince who needed your help moving millions of dollars out of the country. You’d never even been to Nigeria, and you’re not sure why he’d chosen you, but you were honored nonetheless. All he needed was your bank account, your Social Security number, and your eternal trust.
Or maybe it was one of the texts that we all seem to get on a weekly basis nowadays: your “bank” urgently needs you to confirm suspicious activity, or a “friend” sends you a weird link with no explanation. Whether they’re conveying reward, royalty, urgency, or just weird vibes, these messages all have one thing in common: they’re fake. And they’re not just annoying; they’re phishing attempts, one of the most common and costly forms of cybercrime today.
Phishing is a type of cyberattack where criminals impersonate trusted individuals or institutions to trick people into revealing personal information like login credentials, financial data, or even access to sensitive systems. These attacks typically come via email, text messages, or phone calls, and they often rely on psychological tactics like fear, urgency, or curiosity, as well as cognitive biases like the authority bias, to get the victim to click a malicious link or download an infected attachment. Once the attacker has the desired information, they can access private accounts, steal identities, or carry out larger-scale breaches. In 2023 alone, phishing was responsible for billions of dollars in losses globally and remains the most reported cybercrime.[1][2]
So why does phishing matter? Beyond the obvious financial toll, it’s often the gateway to more complex attacks. Hackers use phishing to breach corporate networks, compromise personal data, and spread malware. It’s a critical weak point in cybersecurity because it targets the one factor no firewall can completely control: human behavior. In short, phishing is dangerous not because systems are vulnerable, but because people are.
You might be wondering: isn’t phishing just another name for spoofing? Not quite. While the concepts are connected, they’re distinct. Spoofing refers to the “disguise” used by hackers—it’s how the attacker fakes an identity, such as making an email look like it came from your boss or a trusted website. Phishing, on the other hand, is the con itself. It’s the attempt to trick you into taking the bait. Think of spoofing as putting on a convincing costume, while phishing is the actual scam that the costume is used to pull off. In many cyberattacks, spoofing is the method, and phishing is the mission.
“Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.”
— Chris Pirillo, American entrepreneur and technology personality
About the Author
Annika Steele
Annika completed her Masters at the London School of Economics in an interdisciplinary program combining behavioral science, behavioral economics, social psychology, and sustainability. Professionally, she’s applied data-driven insights in project management, consulting, data analytics, and policy proposal. Passionate about the power of psychology to influence an array of social systems, her research has looked at reproductive health, animal welfare, and perfectionism in female distance runners.