What is a "phishing scam"? This is where you receive an email that appears to be from a legitimate organization, such as your bank, PayPal, or even the IRS. The term "phishing" was coined in 1996 by hackers who were trying to lure a sea of internet users into providing financial information.
These emails hook users because they appear to be legitimate. They typically ask you to "confirm" personal information and/or passwords. When you click on the bogus action link included in the email, you are directed to a website that often looks like a typical login page. But once you enter your information, the hacker has access to everything you entered. The hacker can then begin draining your bank account and funneling the money into an account they have created. So how can you protect yourself?
See examples of phishing emails and how to detect them published by Consumer Reports:
If you receive an unfamiliar email, do not open it or any attachments contained within it. For example, if you bank with Chase but receive an email from Bank of America asking you to confirm your information, there is a 99% chance this is a scam.
Financial institutions typically will not ask you to confirm confidential information unless you contact them. If you do receive this type of email, do not respond to it. Instead, call the organization and tell them about the email that you received. Most financial organizations have a fraud team that wants to know about these types of bogus emails so that they can attempt to track and prosecute them.
There are typically other indications that the email is not legitimate. Look for spelling or grammar errors that do not appear professional. Look at the sender's email address. Often the address uses a domain that is not associated with the organization the email claims to be from. Finally, if you hover over the links provided, the addresses they point to will usually show that they are bogus as well.