You receive a new email that looks like it’s from a friend, a company, a government official, or even a family member. Inside the email is just a link. Naturally, you click on it.
This takes you to a login page where you enter your username and password. But then, it turns out this site is fake and steals your password. You’ve just fallen for a trick called phishing.
Phishing is a method people use to steal your login information or get into one of your accounts. The trick is simple: it fools you into giving away your details without the need for a real hack.
Traditionally, this involves sending an email with a link. When you click it, it takes you to a fake website designed to look just like the real login page of a popular site.
Once you log in there, the fake site captures your username and password. This technique has been used since the 1990s, starting with people in the “warez community” who used it to get AOL passwords.
The Google Docs phishing scam
Back in the old days, hackers found it easy to trick people into clicking on just about anything. That was just how the internet worked back then. But today, we’re all more careful, right?
Well, not always. Take the recent Google Docs phishing scam, for example. Here’s how it happened: You received an email that looked like it was from a friend, saying they wanted to share a Google Doc with you. You clicked on the link, which actually took you to the real Google sign-in page.

Everything looked legitimate, so you signed in. The trick came next. After signing in, you were asked to give permissions to what turned out to be a phishing app. It was a smart twist on a typical process, but it wasn’t really new.
Although this scam sounded sophisticated, there were clues it was fake. For one, the URL ‘googledocs.g-docs.win’ was suspicious. Plus, you probably had already given Google permission to access your account. Giving permission again didn’t make sense. Luckily, in this case, you could remove the phishing app’s access to your account.
Phishing scams look more realistic now
Over the years, we’ve seen many phishing scams, and they’re getting better at tricking us. Phishing is when someone tries to steal your login information by making a fake login page that looks just like the real one.
For example, one recent scam used a fake attachment to take you to a Google login page. Another scam back in 2014 did something similar with a Google Docs login page. Even the big hack at the DNC last year was a phishing attack. These scams often target big names like PayPal, eBay, and major banks.

What makes these newer scams so tricky? They’re getting really good at hiding what they’re doing. Modern phishing scams can create very convincing copies of login pages for places like Google or your bank. They use special tricks to hide the real web address of a link.
They’re also getting better at making their messages look like they’re from someone you know. In the Google Docs scam, they played on what people expect a phishing scam to look like, then surprised them by using Google’s own login system to trick them.
Here’s how to protect yourself
So, what should a tech-savvy person do? First, avoid clicking on any strange links in your emails, no matter who you think sent them. Usually, your friends won’t just send an email with a link. If they do, ask them to stop doing that.
If you see a weird link in an email but you’re tempted to click it, don’t click it. Instead, go directly to the website by typing its URL into your browser. This way, you safely log in. If you really want to check where a link goes, you can right-click on it or hover over it to see its true destination. However, be aware that even this method might not always protect you.
Additionally, if you’re keen on helping others avoid phishing scams, SwiftOnSecurity has created a collection of tools for reporting suspicious links. By reporting these links, you can help prevent others from being tricked.
Remember, never click on suspicious links in emails, whether they come from a company, your friends and family, or even your bank. Instead, go directly to the official website to get the information you need.