Phishing has been around for a long time with the first phishing email thought to have been sent in 1995. Over the past 25 years, phishing scams have become far more sophisticated and harder to detect. Fortunately, there is always a way to tell if an email, website, telephone call, or text message is a phishing attempt.

What Exactly Is Phishing?

Phishing is a type of scam where the criminal impersonates another person or an organization in order to gain sensitive data from the victim. This can be done in a variety of ways but we’ll only detail the most common methods here.

Website Phishing

Website phishing is when a malicious website is designed to look (and sometimes function) like another website, often a banking website. When you visit such a website, your keystrokes will be logged which can result in the criminal having access to banking details, social security numbers, social media accounts, email accounts, and more.

This method is not as common as it used to be, but it can still be very effective if you aren’t aware of what to look out for. So, what should you look out for?

The first thing to check is the website address. No matter how much the fake website looks like the real one, the web address can never be the same. Criminals use sneaky tactics with subdomains in an attempt to make the URL and trick you, don’t fall for it! If you have any doubt about the website you are on, open a new tab and type in the web address manually.

Next, you can check the SSL certificate. By clicking the lock icon in the web address bar you’ll be able to see who the SSL certificate was assigned to, if there’s one at all. With SSL certificates widely available for free, this method is less useful but still worth checking.

Of course, the best solution is not being tricked onto a phishing website at all. Don’t click links in emails or social media no matter how much you trust the sender, always type it in manually!

Email Phishing

Have you ever received an email from “Netflix” telling you your subscription is about to expire when you don’t have a Netflix account? How about an email from PayPal asking you to update payment details? These are examples of email phishing.

Most of the time, email phishing just leads to website phishing but there are some emails which ask you to reply directly with sensitive data.

In order to make sure the email has come from the source they claim, check the full email address of the sender. These scammers will often create a very long email address to overflow the field and trick you, or the email address won’t match at all. When in doubt, go directly to the website in question yourself to check. Do not click any links in the email unless you are 100% certain you can trust it.


PhishingBox has put together a test to see if you can tell a phishing email from a legitimate email.

Protecting Against Phishing

There are a number of programs and browser extensions to help protect you from phishing. Below is a handful of our favorites.

Your anti-virus program may also come with phishing protection, make sure it is enabled.

The best protection against phishing, however, is yourself. Make sure to learn how to spot a phishing attempt because if you don’t, you could lose an unimaginable amount of money and personal data. Don’t be another victim.