The term “phishing” was first mentioned back in 1994 when hackers breached AOL and tricked users into revealing their account passwords. Phishing attacks use malicious emails and fake websites to lure people into handing over their personal information. They’re called “phishing” because the hackers "fish" information out of unsuspecting victims.
Knowing what to look for can safeguard your personal or financial information from bad actors. Plus, antivirus software with real-time phishing protection can stop phishing attacks before you become a victim.
Phishing email warning signs
If you get an email that seems suspicious, the best defense is to delete it. Many phishing messages have mismatched email domains, claiming to be from reputable companies. If you get a suspicious link, you can see its address by hovering over the link with your mouse. Don’t click on the link. Here are the top email phishing red flags to look for:
- Bad grammar or misspelled words
- Generic greetings
- Mismatched email domains
- Unfamiliar or suspicious links
- Unrecognized senders
- Urgent messages calling you to act immediately
- Messages that claim to come from a company but are sent from a default @gmail.com address
Here are two examples of real phishing emails:
You may spot a phishing scam by looking for bad grammar or misspellings in the message. Some emails have generic greetings, which wouldn’t normally come from friends or professional companies (let alone a CEO).
The above example is one you may receive frequently. You get a receipt or confirmation about a product you know you haven’t ordered, in this case, what appears to be a McAfee product. It contains a link that entices you to click on it, which may take you to a site to enter your credit card information to remain protected or to opt-out.
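The red flags listed above can also be checked mechanically. The script below is an added example, not part of the original article: it parses a raw message and reports which of those flags it finds. The `red_flags` function, the word lists, the `FREE_MAIL` set and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

FREE_MAIL = {"gmail.com", "outlook.com", "yahoo.com"}  # assumed short list
GENERIC = re.compile(r"\b(dear|hello|hi)\s+(customer|user|member|sir|madam)\b", re.I)
URGENT = re.compile(r"\b(immediately|urgent|act now|suspended)\b", re.I)
# Simplified anchor matcher: double-quoted href, no nested tags in the link text.
A_TAG = re.compile(r'<a\b[^>]*\bhref="([^"]*)"[^>]*>(.*?)</a>', re.I | re.S)

def host(url):
    """Hostname of a URL, or of visible text that looks like one."""
    return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()

def red_flags(raw, claimed_domain):
    """List the red flags in a raw message that claims to come from claimed_domain."""
    msg = message_from_string(raw)
    body = msg.get_payload()  # single-part, unencoded body assumed
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    checks = {
        "mismatched-sender-domain": sender != claimed_domain
        and not sender.endswith("." + claimed_domain),
        "free-webmail-sender": sender in FREE_MAIL,
        "generic-greeting": bool(GENERIC.search(body)),
        "urgent-language": bool(URGENT.search(body)),
        # What hovering reveals: the visible text names one site, href another.
        "link-text-differs-from-target": any(
            "." in text and " " not in text.strip() and host(text.strip()) != host(href)
            for href, text in A_TAG.findall(body)),
    }
    return [name for name, hit in checks.items() if hit]

# Constructed sample message (not a real email); all domains are placeholders.
SAMPLE = """\
From: "Example Bank Support" <examplebank.alerts@gmail.com>
Subject: Your account has been suspended
Content-Type: text/html

<p>Dear Customer,</p>
<p>Your account will be closed unless you act immediately.</p>
<p><a href="http://login.example.net/verify">www.examplebank.example</a></p>
"""

if __name__ == "__main__":
    print(red_flags(SAMPLE, "examplebank.example"))
```

A message can trip none of these checks and still be phishing, so treat the output as a prompt for closer inspection rather than a verdict.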
How does phishing work?
Phishing is so effective because attackers send compelling emails that look legitimate at first glance. Phishing emails usually direct you to a webpage that either delivers malware or asks you to enter your personal or financial information. You also may receive an attachment or link redirecting you to a phishing website.
Scammers aim to steal as much of your personal data as possible. Once they have it, they can access your social media accounts, financial information, and other sensitive data.
This is known as social engineering. The scammer manipulates you into doing something dangerous online, like revealing private information. Phishing is a form of social engineering where the perpetrators are looking for personally identifiable information and financial information like:
- Passwords
- Phone numbers
- Social security numbers
- Login credentials
- Credit card numbers
- Bank account numbers
If a phishing attack is successful, it can compromise your financial and social media accounts. That can mean unauthorized purchases and even identity theft. You can also get hit with ransomware that holds your information hostage until you pay to get it back. If you use identity theft protection, you should be notified if someone uses your information.
Phishing attacks can also harm companies. They can cause data loss and distribute malware throughout the organization, leading to devastating financial loss, reputation issues, and consumer mistrust.
Types of phishing attacks
Phishing attacks threaten everyone, so you need to know how to recognize them when they come your way. Numerous types of threats use phishing to steal your information. We cover these so you can spot them, hopefully before they can do any damage.
Email phishing
Email phishing is used by criminals who send a fraudulent message hoping you’ll respond by clicking a link or opening an attachment. Once you do, you’ll be directed to a site asking you to enter personal information. This comes as a savvy email that looks like something genuine you might need to open.
Spear phishing
Spear phishing campaigns use previously collected data in the email attack. That may be information regarding you or your employer. You may receive an email that creates a sense of urgency by asking you to act immediately. If you get a spear phishing email at work, it is usually an attempt to obtain your login credentials. It may have some information about you in the email that looks like it comes from someone you can trust.
Malware phishing
Malware phishing attempts to install malicious software on your device or company network. It comes as email attachments that might look valid. Sometimes, malware phishing can be disguised as seemingly harmless eBooks, PDFs, GIFs, or funny videos to tempt you to open them.
Pharming
Pharming is a bit different from regular phishing. It uses malicious code executed on your device to redirect you to the criminal’s website. You won’t get a link to click or an attachment to open. Pharming relies solely on code being run on your computer to target you. It’s a good idea to check your privacy settings on your device to limit who has access to your data.
Whaling
Whaling (also known as executive phishing) is a technique in which hackers pretend to be senior members of an organization and target other people in administrative positions. The aim is to steal money or data for criminal gain.
Whaling uses email and website spoofing to get the target to reveal data or even transfer money. Spoofing works by creating a website that looks legitimate, so you’ll click on it and reveal private information to the scammers. Whaling targets specific individuals who would have access to sensitive information.
Smishing
Smishing is a combination of phishing and short message service (SMS). People use text messaging more frequently than emails, so many hackers use this method to get your information. They may text you an infected link, hoping you'll click it and download malware. The criminal will get your information and commit fraud to make money. Smishing scams are so popular with criminals that they’ve drastically increased in recent years.
Vishing
Vishing is a combination of phishing and voice recordings. The caller will leave you an urgent voicemail that tells you to respond immediately and call a certain number back. An example would be a message that your bank account has been hacked or suspended.
Another example is the extended car warranty phone call that most of us have received repeatedly. The end goal is the same as email phishing: the bad actor wants to steal your information for financial gain.
How to prevent phishing attacks
You can prevent phishing attacks by staying vigilant. Cybercriminals will always be looking to make a fast buck, but you don’t have to succumb to their savvy phishing games. Some ways to stop phishing attacks include:
- Education: Knowing how scammers use phishing attacks can help keep you from becoming a victim. Cybersecurity training will keep you updated on the latest phishing trends.
- Reporting: If you receive a suspicious message, report it to your email client, such as Microsoft Outlook. You can also report phishing emails to the FTC and to local law enforcement.
- Using spam filters: Spam filters can be your first line of defense to block a phony email before it gets to you.
- Using a password manager: A password manager can generate strong passwords for websites to help keep your data more secure. Third-party password managers offer strong encryption protocols and can help you store and manage your passwords securely.
- Installing antivirus software: Antivirus software helps guard against malware and phishing attacks. The best antivirus coverage includes real-time malware protection, safe browsing features, ad blockers, and more.
Top antivirus software with phishing protection
Antivirus | TotalAV | McAfee | Norton 360 |
Star rating | | | |
Price | $29.00–$49.00/yr (first year only) | $29.99–$249.99/yr | $29.99–$99.99/first yr |
# of devices protected | 4 - 8 | Unlimited | 1 - 10 |
Malware scans | Manual and scheduled | Manual and scheduled | Manual and scheduled |
Real-time protection | | | |
EICAR test results | 2/3 | 3/3 | 3/3 |
Firewall | | | |
Phishing protection | | | |
Compatibility | Windows, Mac, Android, iOS, Chrome, Edge, Opera, Safari | Windows, Mac, Android, iOS, Chrome, Firefox, Safari, Edge | Windows, Mac, Android, iOS |
Extras | Password manager, ad blocker, VPN | Parental controls, performance optimization tools, VPN | Password manager, VPN, dark web monitoring, parental controls, privacy monitor, identity theft protection, cloud backup |
24/7 customer support | | | |
FAQs
What is a common indicator of a phishing attempt?
A common indicator of a phishing attempt is noticing something unusual or suspicious about the email, such as grammar or spelling errors. You may also receive a generic greeting or an unrecognized link.
What is the difference between a scam and phishing?
The difference between a scam and phishing is that a scam is a scheme or fraudulent business that tries to get money or goods from you, while phishing is a type of cyberattack that targets you by email.
How do I report a suspicious email?
You can report a suspicious email to your email client, such as Gmail or Microsoft Outlook. You can also report it to the FTC.
Bottom line
Cybercriminals are getting smarter at deceiving us and taking advantage of vulnerabilities. Fortunately, you can use the above anti-phishing tips to thwart fraudulent activity. Always look for red flags, like spelling and grammar mistakes, suspicious links, and urgent demands or requests.
If you receive suspicious emails, report them to your email client or the FTC. For 24/7 online security, install antivirus software with real-time protection across your devices.