
How to Spot and Avoid Phishing Scams (2026 Guide)

Phishing, the fake messages designed to steal your passwords or money, is the most common cyber threat in the world, and it is getting more convincing every year. The good news is that once you understand the patterns, scams become surprisingly easy to spot. At Teck JB we want everyone to be able to recognise and shrug off these attacks, so here is a clear, practical guide to staying safe.

What is phishing?

Phishing is a type of scam in which an attacker pretends to be someone you trust, such as your bank, a delivery company, a streaming service, a government agency, or even your boss, in order to trick you into handing over sensitive information or money. The message tries to make you act quickly, before you have time to think clearly, by claiming there is a problem, an opportunity, or an urgent deadline. The goal is almost always to get you to click a link and enter your details on a convincing fake website, or to reply with information the attacker can exploit.

What phishing looks like

A phishing message typically pretends to be from a familiar organisation and creates a sense of urgency: your account is locked, a payment failed, a package is waiting, or you must verify your details immediately. It usually contains a link or button that leads to a fake login page designed to look just like the real thing. Phishing arrives by email, text message, social media, and even phone calls, and increasingly the messages are polished and professional rather than the clumsy, error-filled scams of the past. That makes knowing the warning signs more important than ever.

The warning signs to watch for

  • Urgency and threats. Genuine organisations rarely demand that you act within minutes or threaten dire consequences if you do not respond immediately.
  • Generic greetings. A message that opens with “Dear customer” instead of your name can be a red flag, though scammers increasingly personalise their attacks.
  • Mismatched links. Hover over a link on a computer, or press and hold it on a phone, to reveal the real destination. If it does not match the official website, it is fake.
  • Odd sender addresses. Look closely at the sender, since scammers use addresses that are subtly wrong, such as a misspelled company name or extra characters.
  • Requests for passwords or codes. Legitimate organisations will never ask you to share your password or a verification code.
  • Spelling and formatting errors, although these have become rarer as scammers grow more sophisticated.
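For readers who filter mail for a household or small office, the mismatched-link and odd-sender checks above can be automated. The following Python sketch is an added example, not part of the original guide; the domain `bank.example`, the sample message, and the names `check_message` and `LinkCollector` are assumptions made for illustration.

```python
import re
from difflib import get_close_matches
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the organisation's genuine domains are known (reserved test names here).
OFFICIAL = ["bank.example"]
# Constructed sample message, not taken from a real campaign.
SAMPLE_FROM = "Bank Support <support@bannk.example>"
SAMPLE_HTML = ('<p>Your account is locked.</p>'
               '<a href="https://bank.example.account-verify.test/login">'
               'https://www.bank.example/login</a> '
               '<a href="https://www.bank.example/help">Help centre</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip().lower()))
            self._href = None

def is_official(host):
    # Exact match or a true subdomain; "bank.example.evil.test" does not count.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL)

def check_message(from_header, html_body):
    findings = []
    sender = parseaddr(from_header)[1].rpartition("@")[2].lower()
    if not is_official(sender):
        # A near miss on an official name suggests a deliberate misspelling.
        near = get_close_matches(sender, OFFICIAL, n=1, cutoff=0.8)
        findings.append(("lookalike-sender" if near else "unofficial-sender", sender))
    collector = LinkCollector()
    collector.feed(html_body)
    for href, text in collector.links:
        dest = (urlsplit(href).hostname or "").lower()
        shown = re.search(r"(?:https?://)?([a-z0-9-]+(?:\.[a-z0-9-]+)+)", text)
        if dest and not is_official(dest):
            # Visible text names the real site while the link goes elsewhere.
            claims = shown is not None and is_official(shown.group(1))
            findings.append(("mismatched-link" if claims else "unofficial-link", dest))
    return findings
```

Calling `check_message(SAMPLE_FROM, SAMPLE_HTML)` flags the misspelled sender domain and the link whose visible text shows the real site while its destination is a different host.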

How to protect yourself

The single most powerful habit is simple: never log in or pay through a link you did not expect. Instead of clicking, open your browser and type the website address yourself, or use the organisation’s official app. Never share verification codes with anyone, including someone claiming to be from support, since no legitimate company will ask for them. Turn on two-factor authentication everywhere you can, so that even a stolen password is not enough to break into your account. And above all, slow down, because phishing relies entirely on rushing you into a mistake. A moment of calm thought defeats the vast majority of attacks.

Verify directly, never through the message

If a message claims to be from your bank, a retailer, or a service you use, do not call the phone number or click the link it provides, since both could be controlled by the scammer. Instead, contact the organisation directly using a number from your card, an official statement, or their genuine website. This simple habit of verifying independently neutralises a huge range of scams, because it takes the attacker out of the loop entirely. It costs you only a couple of minutes and can save you from serious harm.

How AI is changing phishing

Artificial intelligence has made phishing messages more convincing than ever, helping scammers write fluent, error-free text and even mimic the style of real companies and people. This means the old advice of looking for bad spelling and grammar is no longer enough on its own. Understanding how these tools work helps you stay alert, and our explainer on what AI is and how it is changing technology puts this shift in context. The core defences, though, remain exactly the same: verify independently, never trust unexpected links, and slow down before you act.

If you think you have been caught

If you fear you have clicked a malicious link or entered your details on a fake page, act quickly but calmly. Change the affected password immediately, and change it anywhere else you reused it, then turn on two-factor authentication if you had not already. Watch your bank and card statements for any unusual activity, and contact your bank directly if money or payment details were involved. The faster you respond, the more you can limit the damage, and most people who act promptly avoid any lasting harm.

The common types of phishing

Phishing comes in several forms, and recognising them makes you harder to fool. Classic email phishing casts a wide net, sending the same fake message to millions of people in the hope that some will fall for it. Smishing is the same idea delivered by text message, often posing as a delivery notification or a bank alert. Vishing uses phone calls, with scammers pretending to be support staff or officials to pressure you over the line. And spear phishing is a targeted attack aimed at a specific person, using details gathered about you to make the message far more convincing. Knowing which type you are looking at helps you respond appropriately, but the core defences apply to all of them.

Real-world examples to recognise

Some scams are so common it is worth knowing them by sight. The fake delivery message claims a parcel could not be delivered and asks you to pay a small fee or confirm details through a link. The account-locked email warns that your bank, email, or streaming account has been suspended and urges you to verify immediately. The invoice or refund scam attaches a fake bill or promises money back to lure you into clicking. The boss or colleague scam impersonates someone at your workplace and asks for an urgent transfer or gift cards. And the prize scam tells you that you have won something and just need to pay a fee or hand over details to claim it. In every case, the same rule applies: do not act on the message, verify independently instead.

Protecting your family and less tech-savvy relatives

Scammers deliberately target people who may be less familiar with these tricks, particularly older relatives, so protecting your household is a shared effort. Talk openly with family members about the warning signs, and reassure them that it is always fine to pause, hang up, or ignore a message and check with you first. Encourage the habit of never sharing passwords or codes and never acting on urgent, unexpected requests for money. Helping the less confident people in your life set up two-factor authentication and a password manager protects not just them but everyone connected to them, since one compromised account can be used to attack others.

How to report phishing

Reporting phishing helps protect other people and makes it harder for scammers to operate. Most email providers have a built-in option to report a message as phishing, which improves their filters for everyone. Many banks and large companies have a dedicated address where you can forward suspicious messages claiming to be from them, and many countries have an official body that collects scam reports. It only takes a moment, and while it may feel like a small action, it contributes to the wider effort to shut these operations down. After reporting, simply delete the message and move on with confidence.

Stay one step ahead

Scammers constantly invent new angles, but their fundamental playbook rarely changes: impersonate someone you trust, create urgency, and push you toward a link or a payment. Once you internalise that pattern, almost every scam starts to look familiar, no matter how it is dressed up. Keep your software and apps updated, use strong unique passwords with two-factor authentication, and treat every unexpected message asking you to log in or pay with healthy suspicion. With those habits in place, you can use email, messaging, and the web with confidence rather than fear.

The bottom line

Phishing works by rushing you into a mistake, so the strongest defence is a simple, unshakeable habit: never log in or pay through a link you did not expect. Stay calm, verify independently, turn on two-factor authentication, and you will sidestep the overwhelming majority of scams, even the increasingly polished ones. Share these tips with friends and family too, since scammers often target the least protected person they can find. For more practical security guides, keep reading Teck JB.

Related reading from Teck JB

Build on this with our full guide to protecting your online privacy, equip yourself with the best free apps including a password manager and authenticator, and understand how AI is changing online threats. For more security advice, visit the Teck JB homepage.
