What Is Phishing?

Phishing is a type of online fraud where criminals impersonate trusted organizations — banks, government agencies, popular retailers, or payment services — to trick you into revealing sensitive information like passwords, card numbers, or card security codes (CSC).

Phishing attacks arrive via email, SMS (smishing), phone calls (vishing), and even fake websites. They are among the most common methods used to commit financial fraud and identity theft worldwide.

Common Signs of a Phishing Email

Train yourself to recognize these red flags:

  • Urgent or threatening language – "Your account will be suspended in 24 hours!" is designed to panic you into acting without thinking.
  • Generic greetings – "Dear Customer" instead of your real name suggests a mass-sent scam.
  • Suspicious sender address – The display name may say "PayPal" but the actual email address is something like support@paypa1-secure.net.
  • Mismatched or suspicious links – Hover over any link (without clicking) to see the real URL. If it doesn't match the supposed sender's domain, don't click.
  • Requests for sensitive information – Legitimate organizations never ask for your password, full card number, or CSC via email.
  • Poor grammar and spelling – While not always present in modern attacks, errors are a classic sign of a rushed scam.
  • Unexpected attachments – Be very wary of attachments from unknown senders, as they may contain malware.

Phishing Red Flags in SMS and Social Media

Smishing (SMS phishing) follows the same patterns but via text message. Common examples include fake package delivery alerts, bank security warnings, and prize notifications. Remember:

  • Your bank will never ask for your PIN or full card details via SMS
  • Legitimate delivery companies don't ask for payment via a text link
  • Government agencies do not demand immediate payment via gift cards or wire transfers

How to Verify a Suspicious Message

  1. Do not click any links in the message.
  2. Go directly to the official website by typing the address yourself in a new browser tab.
  3. Call the organization using a phone number from their official website — not a number provided in the suspicious message.
  4. If it's a bank email, forward it to the bank's dedicated phishing report address (most major banks have one).

What to Do If You've Been Phished

If you accidentally clicked a link or submitted your details:

  • Immediately change your password for the affected account
  • Contact your bank or card issuer right away if financial information was shared
  • Enable 2FA on all related accounts
  • Run a malware scan on your device
  • Report the phishing attempt to your national cybersecurity authority

Stay Skeptical — It's Your Best Defense

The most powerful protection against phishing is a healthy dose of skepticism. Any message that creates urgency, asks for sensitive data, or seems slightly "off" deserves careful scrutiny before you act on it.