What is Phishing?

The short answer: phishing is an attempt to steal personal information via email.

Phishing is by far the most successful and popular cyberattack. Its seemingly credible exterior manages to fool a lot of people, but what exactly is it?

Phishing is a hacking attempt made via email. Typically, you will receive an email from someone trustworthy – your CEO, colleague, or HR director. They will probably tell you that you must do an action to avoid some bad consequence, such as update your direct deposit information or update your password now.

These emails may even come from outside of your company and target your personal email. You will receive something from some popular company you probably use – Netflix, Amazon, or your bank. It would probably say something such as reset your password or check recent account activity. 

While some are well constructed and believable, these emails are actually sent by hackers. They pose as a credible source to gain your trust and steal your information.


The following is a classic example of a phishing email.

At first glance, you may think this is a legitimate email from PayPal.  However, this email has lots of red flags. You may notice that the email address is strange, not a typical sending address from PayPal. 

  • You were probably confused when reading about this “limited” account. This is not something PayPal actually does. You’ll also notice that the message is very vague and repetitive. 
  • Next, we have text errors, such as “what the problem’s?” and “we’ve place a limitation” and strange wording that does not sound like it would be from such a successful company. Spelling and grammatical errors are basic red flags of phishing emails.
  • Then we have the classic bait tactic. Hackers will entice you with fear and worry about your account to make you rush and overlook the issues we’ve discussed above. Most phishing emails follow this same format. 

If you are on your desktop, you can hover over the Log In button and look at the link. Usually it will be a random link that is most certainly not PayPal. 


Do not open any links or download anything from a phishing email. You can send them to your trash or spam folders. 

Emails about account security could definitely be worrisome, but you should never click the links or download anything from these bad emails. Instead, go directly to the website and login. You can browse your account notifications there. 

Act fast. Immediately go directly to the website and reset your password. If you use that email and password combination anywhere else, you should also reset it. If they have an option to, log out of all active sessions. In the future, it’s also best to use multi-factor authentication.

When it doubt, contact the sender via phone or face-to-face and ask them about their email. 

Have more questions?

Cyberattacks can be a confusing topic, but we’re always here to help. Submit your questions to us and we will get back to you as soon as possible.