When someone talks about their email or bank account being hacked, the reality is that their account probably was not brutally broken into with technological tools. Instead, the most common form of hacking is simply phishing. This type of fraud has been around for centuries, but it can be very effective in the modern era. Here are some important things to know about this major threat to online security.

What Is Phishing?

At its most basic level, phishing is one person pretending to be a reputable company to gain access to other people’s private information. It relies on social engineering, which means tricking the user into sharing the passwords, bank numbers, or other data a scammer needs to access an account. Instead of breaking into the account, a phisher gets the victim to give the information away themselves.

How Does Phishing Work?

Scammers get people to reveal sensitive information through many methods. One of the most common is email. A phisher will claim to be from a bank, a coworker, or a website you have an account with, and will ask the person to click a link and enter information on the page it opens. Though the email and the website it directs a person to often look legitimate, the site is actually a fake that steals information. Other forms of phishing involve someone calling or messaging a person, and a more sophisticated form involves hacking a real website and redirecting its users to a fake one.

How Can People Prevent Phishing?

Users who want to avoid phishing need to exercise a lot of caution when dealing with sensitive information. The first thing to do is make sure a bank or social media site is the real, official site instead of a fake one with a false web address. Likewise, any email asking for information should be checked to see if the address is the company’s official contact email. Most reputable companies will never call or email clients asking for things like passwords and account numbers. If an email seems suspect, users should contact the company through official means to confirm whether or not they should reply.
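
The two checks described above (is the link's web address the official one, and does the email come from the company's official address) can be written down precisely. The following is an added example, not part of the original article; the domain `examplebank.com`, the function names, and the HTTPS requirement are assumptions made for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Constructed allowlist: the official domains the user really does business with.
OFFICIAL_DOMAINS = {"examplebank.com"}


def _is_official(host):
    """True only if host is an official domain or a subdomain of one."""
    host = (host or "").rstrip(".").lower()
    try:
        # Convert internationalised names to ASCII so lookalike letters
        # show up as "xn--" labels instead of matching by eye.
        host = host.encode("idna").decode("ascii")
    except UnicodeError:
        return False
    # Compare from the right: "examplebank.com.evil.example" must not pass.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


def link_is_official(url):
    """Check the host a link really points to, not the text it displays."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return False
    # Assumption of this example: the official site is served over HTTPS.
    return parts.scheme == "https" and _is_official(host)


def sender_is_official(from_header):
    """Check the address in a From header, ignoring the display name."""
    _, addr = parseaddr(from_header)
    return _is_official(addr.rpartition("@")[2])


if __name__ == "__main__":
    # Constructed sample links of the kind a phishing email might carry.
    for url in ("https://login.examplebank.com/signin",
                "https://examplebank.com.secure-login.example.net/signin",
                "https://examplebank.com@login.example.net/"):
        print(link_is_official(url), url)
```

A sender address that passes this check can still be forged, which is why confirming through the company's official contact channels remains the deciding step.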