Phishing is a form of social engineering and in the context of information security, social engineering is defined as the use of deception to manipulate individuals into divulging confidential or personal information. The key to this entire section is that a huge percentage of so-called “hacks” occur only due to the participation of the victim.

Many of the most high-profile “hacking” stories from the last few years were the result of users being tricked into giving their login information to people who then use it against them. The most common method is to send unsuspecting victims to fake websites which resemble their real counterpart. When the user enters their login credentials, payment details, or other information into a form on that page, they are handing it right to the bad guy.

For example, one attacker used a phishing campaign to acquire dozens of iCloud and Gmail accounts, many of which belonged to celebrities. Using their credentials, he was able to access their cloud-based photo backups. Many of those accounts contained nude photos, which he then leaked online. Actress Jennifer Lawrence and pop-star Rihanna were among more than 600 victims from this campaign. The attacker was caught and has been prosecuted, but there is just no way to undo the damage that such an attack can cause on someone’s life and career.

Phishing attacks like those I’ve just described are widespread because it is easier to take advantage of people than it is to breach highly complex computer systems. With that in mind, it is really critical to know how to identify malicious links, emails, and text messages.