Phishing is the act of sending forged email messages that pretend to come from a known business or person and ask you to do something which looks legitimate, but which will in fact damage you or your computer. For example, a phishing message may appear to come from your bank or your utility supplier, from an unknown person or company making you an interesting offer, or even from a close friend or acquaintance in your contacts book.
The message may ask you to click on a link, or open an attachment, or reply, and then supply your password or your account details or other information, providing vague reasons such as a security check, or a technical upgrade, or a reward you just won, or something exciting to see.
If you do, even if the email, or the website you see after clicking on the link, looks legitimate, you will hand your data to an unknown third party that may then use it against you, or impersonate you in some fraud. Even apparently harmless attachments such as Word documents or ZIP files, if opened, may be enough to infect your computer and steal information.
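The warning signs described above (a sender that is not who it claims to be, a link whose visible text does not match where it really goes, a risky attachment) can be checked mechanically before anyone clicks. The following is an added example, not part of the original text or of any product mentioned in it: a small Python script that parses a raw email with the standard library and lists the indicators it finds. The sample messages, the organisation names and the domains (all under the reserved `.example` and `example.org` names) are constructed for the demonstration, and the heuristics are deliberately simple, so a real mail filter would need far more context than this.

```python
import email
import re
from email import policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attachment types the text above singles out as risky when opened (constructed list).
RISKY_EXTENSIONS = {".zip", ".doc", ".docm", ".exe", ".js", ".scr"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from the anchors of an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Crude 'last two labels' domain: login.example-bank.example -> example-bank.example."""
    parts = (host or "").lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else (host or "").lower()


def assess_message(raw):
    """Return the list of phishing indicators found in an RFC 5322 message string."""
    msg = email.message_from_string(raw, policy=policy.default)
    found = []
    sender = msg["From"].addresses[0] if msg["From"] else None

    # 1. The display name claims one organisation while the address belongs to another.
    if sender and sender.display_name:
        label = re.sub(r"[^a-z0-9]", "", registrable_domain(sender.domain).split(".")[0])
        claimed = re.sub(r"[^a-z0-9]", "", sender.display_name.lower())
        if label and label not in claimed:
            found.append(f"display name '{sender.display_name}' vs sender domain {sender.domain}")

    # 2. Replies would go to a different domain than the one the mail claims to come from.
    if sender and msg["Reply-To"]:
        reply_domain = msg["Reply-To"].addresses[0].domain
        if registrable_domain(reply_domain) != registrable_domain(sender.domain):
            found.append(f"Reply-To domain {reply_domain} differs from From domain {sender.domain}")

    # 3. A link shows one domain as its text but actually points at another host.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is not None:
        extractor = LinkExtractor()
        extractor.feed(html_part.get_content())
        for href, text in extractor.links:
            href_host = urlparse(href).hostname or ""
            text_host = urlparse(text if "://" in text else "http://" + text).hostname or ""
            if "." in text_host and registrable_domain(text_host) != registrable_domain(href_host):
                found.append(f"link text '{text}' actually points to {href_host}")

    # 4. An attachment whose extension can carry executable content.
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in RISKY_EXTENSIONS:
            found.append(f"attachment '{name}' has risky extension {ext}")
    return found


def build_sample(suspicious):
    """Construct a sample message (constructed data; .example domains are reserved)."""
    m = EmailMessage()
    if suspicious:
        m["From"] = "Example Bank Security <alerts@mailer-notify.example>"
        m["Reply-To"] = "reply@collect-box.example"
        link = "http://example-bank.example.account-verify.example/login"
    else:
        m["From"] = "Example Bank <alerts@example-bank.example>"
        link = "https://www.example-bank.example/"
    m["To"] = "customer@example.org"
    m["Subject"] = "Security check required"
    m.set_content("Please confirm your account details.")
    m.add_alternative(
        f'<p>Please confirm your account at <a href="{link}">www.example-bank.example</a>.</p>',
        subtype="html")
    if suspicious:
        m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip",
                         filename="statement.zip")
    return m.as_string()


if __name__ == "__main__":
    for flag in (True, False):
        print("suspicious" if flag else "legitimate", assess_message(build_sample(flag)))
```

Running the script prints four indicators for the constructed suspicious message (mismatched display name, foreign Reply-To, deceptive link and a ZIP attachment) and none for the legitimate one. The link check relies on comparing the domain the user sees with the domain the browser would actually contact, which is exactly the discrepancy a careful reader is asked to look for before clicking.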
Malware is a term covering any software that, once run on your computer, will damage it or attack your information or the network. Malware is often connected with phishing, as the purpose of many phishing emails is to get you to open an attachment or a web page that will install malware on your computer. However, you could get malware through other channels as well, for example by installing untrusted software, accessing an infected CD or USB key, or visiting a malicious website that prompts you to install something on your computer.
The earliest type of malware, known as a virus, would just infect your machine, do some damage, and then move on to infect others. However, the term had to be generalised as new types of malicious software started to appear. For example, malware can record what you type on your keyboard, including passwords, or search your hard drive for valuable information, and secretly send what it finds to someone via the Internet. Some types of malware, known as cryptolockers, will make all your files unreadable by encrypting them with a secret key that you can only obtain by paying a ransom. Other malware (bots, which together form botnets) will sit on your computer until someone activates it via the Internet, and then, together with other infected computers, it will start a coordinated attack against a single target.