Phishing and spoofing are both forms of online deception, but they work in slightly different ways. Phishing is when someone pretends to be a trusted person or organisation to steal information such as passwords, bank details, or OTPs. You might get an email or message that looks genuine — maybe from your school, a delivery company, or your bank — asking you to “confirm” something. The link leads to a fake website that quietly collects your data.
Spoofing, on the other hand, is about disguise. It’s when someone makes their email address, phone number, or even a website look like it’s coming from someone else. A spoofed message might appear to be from your teacher, but it’s actually from a stranger. The aim is to gain trust so the victim clicks a link or shares information — often leading to a phishing attack.
Spoofing is the disguise, and phishing is the actual act of stealing. Both rely on one thing — catching you off guard. The best defence? Slow down, check the sender carefully, and never share personal details unless you’re absolutely sure who’s asking.