Phishing is a way that criminals get sensitive information (like usernames or passwords). It is a method of social engineering. Very often, phishing is done by electronic mail. This mail appears to come from a bank or other service provider. It usually says that because of some change in the system, the users need to re-enter their usernames/passwords to confirm them. The emails usually have a link to a page that looks almost like that of the real bank.
Phishing has changed surprisingly little over the lifetime of the Internet, however certain phishing tactics have gotten much more sophisticated. For example, many phishing techniques via email involve spoofing the email address and creating emails that are designed to look just like emails sent from the real company. Not all phishing attempts do this, however.
Phishing can also be done over text, via instant messaging apps such as Facebook Messenger or WhatsApp, or even through snail mail. If you receive a text from an unknown number that tells you to visit a specific website for any reason, it might be a phishing link.
Filter evasion[change | change source]
Some people who do this started using pictures of text to make it harder for anti-phishing filters to see it. This sometimes works because the filters look for words often used in phishing emails/messages. However, people have invented better filters that can still read the text using OCR (optical character recognition).
Some anti-phishing filters can even read cursive, hand-written, upside-down, distorted (for example, wavy or stretched) text, as well as writing on colored backgrounds.