Phishing is a type of social engineering attack used to steal user data, including login credentials and credit card numbers, by masquerading as a trusted entity.

Common methods include email phishing, SMS phishing, social media phishing, and spear phishing.

Spear phishing targets a specific person or enterprise, requiring special knowledge about the organization.

Red flags include urgent or threatening language, suspicious sender information, requests for personal information, misspellings or grammatical errors, suspicious links or attachments, generic greetings, and offers that seem too good to be true.

Legitimate organizations do not request personal information via email, social media, or other online means.

Report it to a trusted adult, teacher, or the school's IT department, and do not forward the phishing email or message.

Phishing can lead to unauthorized purchases, identity theft, financial losses, and damage to an organization's reputation and consumer trust.

Think critically before clicking links, sharing personal information, or opening attachments. Verify the authenticity of the sender and the information provided.