🐉 Explain it Like I’m 5: What is Phishing?
Phishing (pronounced “fishing”) is when a scammer pretends to be someone you trust in order to trick you into giving them something they want — usually your login, your money, or your personal information.
They throw out a “baited hook,” and hope someone bites.
It’s not about computers or viruses — it’s about tricking humans.
Byte the cyber-dragon says:
“Hackers don’t hack computers first — they hack people.” 🐉🎣
🧸 A Simple Example Anyone Can Understand
Imagine you get a note in class that says:
“Your teacher wants your lunch money. Give it to me and I’ll deliver it.”
It looks real.
It sounds real.
But it’s actually from a kid pretending to be the teacher.
If you fall for it, you’re out of lunch money. 🍕💸
That’s phishing.
A scammer pretending to be someone else to steal from you.
⭐ Why Phishing Works
Phishing works because scammers don’t need to break into your computer — they just need to convince you to unlock the door for them.
They rely on:
🚨 Urgency
“Your account will be deleted in 10 minutes!”
😱 Fear
“Your bank account is frozen!”
🎁 Curiosity
“Look what I found! Click here!”
🎉 Excitement
“You won a prize!”
😰 Pressure
“Please help me, I’m in trouble.”
Phishers are basically bad actors trying to trigger an emotion so you click before thinking.
🦠 How Phishing Actually Happens (ELI5 Breakdown)
Scammers can phish you through:
- text messages
- phone calls
- social media messages
- fake websites
- QR codes
- fake ads
And they all have one goal:
Trick you into giving them something valuable.
Here’s how the main types work.
🎣 Types of Phishing (Simple + Clear)
📨 1. Email Phishing
The most common type.
You get an email that looks legit, like:
“Your PayPal account needs verification.”
“Someone tried logging into your bank.”
“Your package can’t be delivered.”
But the links go to a fake page designed to steal your login.
Email phishing is the “classic fishing pole.” 🎣
📱 2. SMS Phishing (Smishing)
Text messages pretending to be:
- your bank
- your delivery company
- your friend
- a service you use
Examples:
“Your package is delayed, click here.”
“Your bank locked your card.”
“Your Apple ID is disabled.”
Smishing is dangerous because texts feel more personal. 📲
📞 3. Voice Phishing (Vishing)
Scammers call you and pretend to be:
- tech support
- the IRS
- your bank
- your workplace
- Amazon
They sound official.
They’re trained to pressure you.
This is “phishing with a megaphone.” 📣
🧑‍💻 4. Social Media Phishing
Fake accounts DM you:
“We need your login to verify your Instagram.”
“Click to see who viewed your profile.”
“Your friend sent you a gift card — claim it here!”
Spoiler: no one is giving you a free gift card. 🎁😬
🌐 5. Fake Websites (Spoofing)
These look identical to real sites:
- Facebook
- Amazon
- Bank logins
- Email portals
But the link is slightly different:
- amaz0n.com
- faceb00k-login.com
- mybank-secure.net
Everything looks real…
but your login goes straight to the scammer.
🎯 6. Spear Phishing
This is targeted phishing.
The attacker knows your name, your job, your coworkers.
Example:
“Hey Michael, can you review this document for the Halff project?”
Because it looks personal, people trust it.
This is the “sniper rifle” of phishing. 🎯
🔍 How Phishing Tricks You (ELI5 Psychology)
Scammers use psychological tricks:
😱 Fear
“You’re in trouble unless you act fast!”
⏳ Urgency
“Your account will close in 30 minutes!”
👑 Authority
“This is the bank / IRS / CEO.”
😍 Temptation
“You won a $500 gift card!”
😰 Sympathy
“Your friend needs help!”
🤩 Curiosity
“Someone sent you money — check now!”
Hackers understand people better than computers.
That’s what makes phishing effective.
🛡️ How to Spot Phishing (Simple ELI5 Checks)
Byte teaches five quick tests:
1️⃣ The Link Test
Hover over the link. Does it look weird, misspelled, or unfamiliar? 🚫
Don’t click.
2️⃣ The Sender Test
Does the email come from a strange address?
Like: support@amaz0n-security.info
Fake.
3️⃣ The Urgency Test
Is it trying to scare or rush you?
Real companies don’t rush.
4️⃣ The Grammar Test
Bad spelling or weird phrasing = big red flag.
5️⃣ The “Did I Expect This?” Test
If you weren’t expecting it… assume it’s a trap.
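The Link Test and the Sender Test can also be run by a program, using the lookalike addresses from the Fake Websites section as input. This Python sketch is an added example, not part of the original article; the trusted list, the digit-swap table and the function names are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allowlist: the real domains this user actually has accounts on.
TRUSTED = {"amazon.com", "facebook.com", "paypal.com"}
# Digits often swapped in for letters they resemble (illustrative, not exhaustive).
DELEET = str.maketrans("0135", "oles")

def host_of(value):
    """Return the lowercase host of a link or of an email sender address."""
    value = value.strip().lower()
    if "@" in value and "://" not in value:
        return value.rsplit("@", 1)[1]
    if "://" not in value:
        value = "//" + value
    return urlsplit(value).hostname or ""

def registrable(host):
    """Last two labels. Simplification: real code should use the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check(value):
    """Classify as 'trusted', 'lookalike:<real domain>' or 'unknown'."""
    host = host_of(value)
    if registrable(host) in TRUSTED:
        return "trusted"
    plain = host.translate(DELEET)          # amaz0n -> amazon
    label = registrable(plain).split(".")[0]
    for good in sorted(TRUSTED):
        brand = good.split(".")[0]
        # Brand hidden inside a longer name, or a one-character typo of it.
        if brand in plain or edit_distance(label, brand) <= 1:
            return "lookalike:" + good
    return "unknown"                        # not on the list: unverified, not safe

if __name__ == "__main__":
    for sample in ["https://www.amazon.com/orders", "amaz0n.com",
                   "faceb00k-login.com", "mybank-secure.net",
                   "support@amaz0n-security.info"]:
        print(f"{sample:32} {check(sample)}")
```

mybank-secure.net comes back as unknown because no bank is on the sample list. The check only catches imitations of domains you have listed, so "unknown" means unverified, not safe.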
🧯 How to Protect Yourself From Phishing
These simple steps stop almost ALL phishing attacks:
🔐 Turn On MFA
Even if a hacker steals your password, MFA stops them. Learn how in What Is MFA?
🤖 Use a Password Manager
If the website is fake, your password manager won’t autofill.
It recognizes real domains only. See our ELI5 guide: What Are Password Managers?
🧼 Don’t Click Random Links
Especially from:
- unknown senders
- scary messages
- unexpected texts
💾 Keep Devices Updated
Updates patch holes scammers try to exploit.
🚫 Don’t Share Codes — EVER
Not with:
- “bank employees”
- “tech support”
- “Amazon agents”
No real company asks for your MFA code.
📦 Verify Before You Trust
If you get an email about:
- a delivery
- a bank alert
- an account lock
- a subscription
- a password reset
Go directly to the official website — NOT through the link.
🌍 Real-World Phishing Examples (Explained Simply)
📦 “Your package is delayed!”
Fake shipping notifications — super common.
💳 “Your bank account is locked.”
Banks never send scary texts like this.
🐟 “Someone tried to log into your account.”
This one uses fear to make you click instantly.
🎁 “Here’s your free gift card!”
Nope.
Nobody gives out free money. 🙂
🎁 Final Takeaway
Phishing is just tricking people with fake messages, fake websites, or fake alerts.
It’s not technical.
It’s psychological.
But with a few simple habits — checking links, enabling MFA, using a password manager, ignoring suspicious messages — you can avoid almost every phishing attack out there.
Byte says:
“If something smells fishy… it’s probably phishing.” 🐉🎣
