Definition by Wikipedia

Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising oneself as a trustworthy entity in an electronic communication.

Most common phishing types

DECEPTIVE PHISHING

Fraudsters impersonate a legitimate company in an attempt to steal people’s personal data or login credentials. Those emails frequently use threats and a sense of urgency to scare users into doing what the attackers want.

SPEAR PHISHING

Fraudsters customize their attack emails with the target’s name, position, company, work phone number and other information in an attempt to trick the recipient into believing that they have a connection with the sender. The goal is the same as deceptive phishing, even so: trick the victim into clicking on a malicious URL or email attachment so that they will hand over their personal data.

VISHING

This type of phishing attack dispenses with sending out an email and instead goes for placing a phone call. To protect against vishing attacks, users should avoid answering calls from unknown phone numbers, never give out personal information over the phone and use a caller ID app.

SMISHING

Smishers pose as various entities to get what they want. Users can help defend against smishing attacks by researching unknown phone numbers thoroughly and by calling the company named in the messages if they have any doubts.

Definition by WikiPedia

Email spoofing is the creation of email messages with a forged sender address. Because the core email protocols do not have any mechanism for authentication, it is common for spam and phishing emails to use such spoofing to mislead or even prank the recipient about the origin of the message. Source: https://en.wikipedia.org/wiki/Email_spoofing

How to Protect Yourself

Pay attention to the name and email address.

If they don’t match or make sense, you have a reason to be suspicious.

Look out for grammar and tone that seems off.

Grammar and tone are useful ways of identifying whether an email can be trusted. As email spoofers usually make use email addresses you are supposed to be familiar with or communicate with, they may not be aware of the tone usually used by the real owner of the email address

Contact the sender offline.

Don’t reply to a suspicious email claiming to be from someone you know if something raises the alarm. Call, SMS, WhatsApp, DM them and ask if they really sent the message.

Be wary of a request for action

Don’t click links or download file attachments you’re not expecting. Scammers use these as ways to get into computers or accounts. For business customers, do not provide any confidential information in reply to an email that seems suspicious