Now that most things are handled on the Internet in one way or another, a digital world if you will, we have become very dependent on our aliases and passwords to get us through the day. This includes things like game accounts, email accounts, web hosting accounts, bank accounts and pretty much everything else. If someone were to get the right information to start logging into your accounts, you would be looking at a massive amount of potential damage. And the simple fact is that people are hacked every day, some through brute-force techniques, some through password guessing, and some through phishing for information. Here we are going to take a look at phishing methods, as well as how to spot them easily (for the most part) and ensure that you do not get caught up in one.

What is Phishing?

As the name might suggest if you try to sound it out, it is a lot like fishing. The goal with this is to get you to reveal information that could compromise your accounts, without you even realizing that it is happening. Some techniques to get into someone's account can take a lot of time, but when dealing with phishing, if it is successful it is an instant win.

In most cases you will become aware of the problem only when it is too late, which can further complicate things. For example, if your bank information has been phished, your account can be wiped out and you likely would not even realize it until you noticed that your balance was not as it should be.

In other cases, you will know that something is going on because you will be pinged by the website involved, asking for a confirmation code or requesting that you click on a link to confirm that you made the request. We will be looking at how people phish with these as well later on in the article, but for now it should suffice to say that not everything is as it may seem.

Why Do People Phish?

People usually phish because they are looking to gain something. As an example, if they get into your bank they can take the funds out. If they get into one of your purchasing accounts they can make purchases using your card. If they hack one of your poker accounts or game accounts, they can take whatever you have available there.

Other times people will do it for personal revenge, such as getting into someone's email account or their social networking accounts, where they can wreak havoc by sending messages to the person's friends or doing other things to cause disruptions in their life.

Sometimes it is just for fun, or to see how many people they can trick. In these cases there is no real motive, but rather just the thrill of seeing if they can successfully get people to submit their real information.

How Phishing Works

Phishing works by tricking someone into sending legitimate login information to a server the “phisher” owns. This allows them to compile a list of everything that was entered, and then do with it as they please. There are a few ways of going about this, but it usually involves creating a mock-up of the site they want to phish for. As an example, if someone is phishing for PayPal login information, they will likely create a clone of PayPal that looks a lot like the real thing. If people are not paying attention, they will input their information and (in the case of a good phishing scam) the site will forward it properly to PayPal so that the user is logged in to their account like normal and does not suspect that anything has gone wrong. In other cases it is more obvious, where some other random page is shown after the information is sent, but that is rarer because the point behind phishing is to be able to use the user name and password before their owner realizes that they have been compromised.

How to Protect Yourself

The best way is to never click on random links you find, even if they look legitimate. Sometimes they will point to a different place than they say, and you will not realize the mistake until it is too late. Before clicking on anything, always check where it is taking you. For example, if you are sent an email from PayPal support about something related to your account, do not click the link in the email until you check to make sure it is leading to or a subpage thereof. Phishing links will have other addresses they go to, like, which lets you easily see that it is fake.

If you really want to be on the safe side, you can input all web addresses directly. In the case of the PayPal link we are looking at, you can just visit instead of clicking the link. This ensures that you truly are where you should be.


Always use different passwords for everything. Even if you have to write them down somewhere, it is safer than using the same ones on each site. If one site gets compromised (or you end up accidentally being phished) and you are using the same passwords everywhere, the attacker now has access to everything. This is where the real damage starts, because email passwords will allow them to go through verifications and such when changing your other passwords or logging into your accounts that have email authentication. Making sure that your passwords are different helps protect against this attack, in that if one is compromised, the rest are not.

The other big thing is to use passwords that are somewhat complicated. “Password” is not a good one, but “XJkldfsd234jklJX” would be. This is why writing them down is important. While it may be more of a hassle to keep up with more secure passwords like this, the security that is gained from it is immense.

Do not log in to any of your important accounts on public computers, such as at the library. This especially applies to bank accounts and similar, and it also applies to public WiFi. You never know who is snooping on the network and can see and analyze your packets to gain the important information that is going across the line. This is also a big security risk because if the network itself or the public computer you are using has been compromised, you are exposing yourself to whatever the phisher has access to.

What to Do If You Are Phished

The first thing you will want to do is change your password and then find any other accounts that may have used the same one (which should be none) and change those as well. This will help because the attacker may not have actually gotten to your account yet, so if you can get in there before they do you are generally pretty safe. Be sure to take special note of any details in your account that may be changed, and note them down before returning them to how they were. Sometimes the information that the attacker has added to the account can help identify who they are so the proper authorities can deal with the situation and hopefully stop them from attacking other people.

The other thing you need to do is contact the website that hosts the account that was phished. Let them know that someone is out there running these attacks, and share as much information as possible. They can usually see some more identifying information about the person, but even if they cannot, they will often set up public notices to warn others about the threat. While this does not necessarily resolve anything, each new person that becomes aware cuts down the number of victims by another.

The last thing you will want to do is contact the authorities if it was a big break-in, for example if they were to get hold of your bank account or PayPal account and take funds, charge something to your credit or debit card, etc. These are serious situations and the law should be brought in. This will usually be required if you want help with the recovery as well, so be sure to jump on it as soon as possible if you feel it is worth pursuing.

In the case of credit cards or debit cards that have been compromised, contact the issuing bank as soon as possible and report it as a theft. They will be able to disable the existing card(s) so they can no longer be used, and then they will issue you new ones with different numbers. While this is helpful, you still have to be sure that you are not still in a compromised situation, otherwise you will end up right back where you started again. Also note that the replacement cards may come with a fee, although I have not heard of any banks that charge for it.

Concluding Thoughts

The main thing to take from all of this is that you need to protect yourself. There will always be people out there that are attempting to get into everyone's accounts for different reasons, and you want to ensure that you do not become a victim of these attacks. If something does happen and you end up becoming a victim, you need to fight back and do what you can to stop the person from continuing, as other people will be dragged down as well.

Protecting your passwords by using different ones on each site is a hassle but it is needed. It will protect you from most things, unless a server itself is breached or your computer is already compromised with a trojan horse or other virus that can relay information back to the attacker. To protect yourself from these, do not visit strange websites and never download any random programs and run them on your computer; that is doing nothing but asking for trouble. While it may not always lead to bad things, it only takes once to make you regret it!

