A phishing attack is an online scam in which attackers trick you into revealing sensitive information, such as passwords, banking details, or personal data, by posing as a trusted source (like a bank, delivery company, or login page).

How phishing attacks work

Phishing usually follows a simple pattern:

Lure (the trap)
You receive something that looks legitimate:
- Email from “your bank”
- SMS about “parcel delivery”
- Fake login page for Google, Microsoft, Facebook
- Social media message from a “friend”

Pressure or urgency
Attackers push you to act quickly:
- Your account will be locked
- Suspicious login detected
- Pay immediately to avoid fees

Click or open
You are asked to:
- Click a link
- Open an attachment
- Enter login details on a fake website

Data theft
Once you enter details:
- Your password is stolen
- Bank or email access is compromised
- Malware may also be installed

Common types of phishing

- Email phishing – fake emails from banks or services
- SMS phishing (smishing) – fake text messages
- Voice phishing (vishing) – phone calls pretending to be support
- Fake websites – cloned login pages
- Social media phishing – fake messages or ads

How to protect yourself

Check links carefully
- Hover before clicking
- Look for misspellings (e.g. “gooogle.com”)

Never share passwords or codes
- No real company will ask for passwords or OTPs

Enable 2-factor authentication (2FA)
- Adds extra security even if the password is stolen

Use security software
- Antivirus with phishing protection (e.g. Norton, Bitdefender)

Verify directly
- Call or visit the official website manually

Keep systems updated
- Windows, browser, and apps should be up to date

How to remove or fix after a phishing attack

If you clicked or entered details:

Change your passwords immediately
- Start with email, banking, and social accounts

Enable or reset 2FA
- Disconnect unknown devices

Scan your device
- Run a full antivirus scan
- Remove any suspicious apps or extensions

Check account activity
- Look for unknown logins or transactions

Contact your bank (if financial info was shared)
- Freeze cards or accounts if needed

Report the attack
- Email provider (Google, Microsoft, etc.)
- Australian Cyber Security Centre (ACSC)

Key takeaway

Phishing doesn’t “hack” your device — it tricks YOU into handing over access. So awareness and caution are your strongest protection.
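The "check links carefully" advice above can be automated. The following is an added example, not part of the original article: it flags misspelled domains such as "gooogle.com" and goes slightly further by also flagging a trusted name that appears in the wrong part of the address. The allow-list, the function names and the two-label "registrable domain" shortcut are assumptions made for this example.

```python
from urllib.parse import urlsplit

# Constructed allow-list: the domains this user actually signs in to.
TRUSTED = ("google.com", "microsoft.com", "facebook.com")

def edit_distance(a, b):
    """Levenshtein distance between two strings, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def check_link(url, trusted=TRUSTED, max_distance=2):
    """Return 'trusted', 'lookalike:<domain>' or 'unknown' for a link."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    if not host:
        return "unknown"
    # Only an exact match or a true subdomain of a trusted domain passes.
    for t in trusted:
        if host == t or host.endswith("." + t):
            return "trusted"
    # Simplification: treat the last two labels as the registrable domain
    # (a production check would consult the Public Suffix List).
    registrable = ".".join(host.split(".")[-2:])
    for t in trusted:
        # Trusted name placed before '@' is not the host the browser contacts.
        if t in (parts.username or "").lower():
            return "lookalike:" + t
        # Trusted name used as leading labels of some other domain.
        if ("." + t + ".") in ("." + host + "."):
            return "lookalike:" + t
        # Near-miss spelling of a trusted domain.
        if edit_distance(registrable, t) <= max_distance:
            return "lookalike:" + t
    return "unknown"

if __name__ == "__main__":
    # Constructed sample links.
    for link in ("https://accounts.google.com/signin",
                 "https://gooogle.com/login",
                 "https://google.com.evil.example/login",
                 "https://www.wikipedia.org/"):
        print(link, "->", check_link(link))
```

A result of "unknown" only means the domain is not on the allow-list and does not resemble it; it is not a verdict that the link is safe.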
