What is phishing and how can users recognize and avoid it?

• A. Phishing is a method to harvest fruit; recognize by color.
• B. Phishing uses deceptive messages to trick you into revealing credentials; recognize by spoofed senders, urgent or suspicious requests, and links; avoid by verifying the sender and not clicking unknown links.
• C. Phishing is a type of firewall configuration; recognize by port numbers.
• D. Phishing is a hardware defect.

Answer: (B)

Phishing is a form of social engineering where attackers pretend to be a trustworthy source to trick you into revealing passwords, financial details, or other sensitive information. You’ll recognize it by clues in messages such as a sender that doesn’t match the real organization, urgent or alarming language pushing you to act now, requests for credentials or payment, and links or attachments that look suspicious or direct you to fake login pages. A quick way to spot trouble is to hover over links (without clicking) to see the actual URL, notice misspellings in domains, or see generic greetings instead of your name.

To avoid falling for it, verify the sender through a separate, trusted method—use a known phone number or the official website you’ve used before—and don’t share passwords or sensitive data. Don’t click unknown links or open unexpected attachments, especially if the message pushes for quick action. When in doubt, type the legitimate site address directly into your browser rather than following a link. Enabling two-factor authentication, keeping software up to date, and using security tools can add extra protection, and report suspected phishing to your IT team or service provider.