Phishing is usually done through email, ads, or by sites that look similar to sites you already use. For example, someone who is phishing might send you an email that looks like it's from your bank so that you'll give them information about your bank account.
Be careful anytime you get an email from a site asking for personal information. Phishing emails or sites might ask for:
Usernames and passwords, including password changes
Social Security numbers
Bank account numbers
PINs (Personal Identification Numbers)
Credit card numbers
Your mother’s maiden name
If you get this type of email:
Don’t click any links or provide personal information until you've confirmed the email is real.
Check that the email address and the sender name match.
Check if the email is authenticated.
Hover over any links before you click on them. If the URL of the link doesn't match the description of the link, it might be leading you to a phishing site.
Check the message headers to make sure the "from" header isn't showing an incorrect name.
If the addresslooks suspicious, reported as phishing.