Phishing

What is Phishing? 

Phishing is a deceptive technique used by malicious actors to trick individuals into revealing sensitive information such as passwords, credit card numbers, or personal data by posing as a trustworthy entity via email, websites, or messages. It exploits cognitive biases like authority and urgency to bypass rational decision-making and prompt quick, often risky, actions. In the digital landscape, phishing also undermines user trust and can significantly impact website credibility and SEO performance.

The Basic Idea

We’ve all been there. You’re checking your email when suddenly: jackpot! You’ve won a brand new iPhone 19 (does that even exist yet?) from a contest. You don’t remember entering, but your hopes are up because surely you must have entered something at one point, given how often you sign up for things online… 

Or maybe you’ve had the privilege of being contacted by a Nigerian prince who needed your help moving millions of dollars out of the country. You’d never even been to Nigeria, and you’re not sure why he’d chosen you, but you were honored nonetheless. All he needed was your bank account, your Social Security number, and your eternal trust. 

Or maybe it was one of the texts that we all seem to get on a weekly basis nowadays: your "bank" urgently needs you to confirm suspicious activity, or a “friend” sends you a weird link with no explanation. Whether they’re conveying reward, royalty, urgency, or just weird vibes, these messages all have one thing in common: they’re fake. And they’re not just annoying; they’re phishing attempts, one of the most common and costly forms of cybercrime today.

Phishing is a type of cyberattack where criminals impersonate trusted individuals or institutions to trick people into revealing personal information like login credentials, financial data, or even access to sensitive systems. These attacks typically come via email, text messages, or phone calls, and they often rely on psychological tactics like fear, urgency, or curiosity, as well as cognitive biases like the authority bias to get the victim to click a malicious link or download an infected attachment. Once the attacker has the desired information, they can access private accounts, steal identities, or carry out larger-scale breaches. In 2023 alone, phishing was responsible for billions of dollars in losses globally, and it remains one of the most reported cybercrimes.[1][2]

So why does phishing matter? Beyond the obvious financial toll, it’s often the gateway to more complex attacks. Hackers use phishing to breach corporate networks, compromise personal data, and spread malware. It’s a critical weak point in cybersecurity because it targets the one factor no firewall can completely control: human behavior. In short, phishing is dangerous not because systems are vulnerable, but because people are.

You might be wondering: isn’t phishing just another name for spoofing? Not quite. While the concepts are connected, they’re distinct. Spoofing refers to the “disguise” used by hackers—it's how the attacker fakes an identity, such as making an email look like it came from your boss or a trusted website. Phishing, on the other hand, is the con itself. It’s the attempt to trick you into taking the bait. Think of spoofing as putting on a convincing costume, while phishing is the actual scam that the costume is used to pull off. In many cyber attacks, spoofing is the method, and phishing is the mission.

“Passwords are like underwear: you don’t let people see it, you should change it very often, and you shouldn’t share it with strangers.”


— Chris Pirillo, American entrepreneur and technology personality

About the Author

Annika Steele

Annika completed her Masters at the London School of Economics in an interdisciplinary program combining behavioral science, behavioral economics, social psychology, and sustainability. Professionally, she’s applied data-driven insights in project management, consulting, data analytics, and policy proposal. Passionate about the power of psychology to influence an array of social systems, her research has looked at reproductive health, animal welfare, and perfectionism in female distance runners.
