In a phishing scam, fraudsters cast a wide net by sending out mass emails or messages, hoping to trick recipients into providing their sensitive information like their bank account information, credit card details, email ID/ passwords, and similar important personal information. These messages often contain urgent or alarming requests, targeting recipients to click on links or open attachments that lead to fake login pages or malicious software installations. The term "phishing" is derived from the idea of "fishing" for personal information and, hence, the nature of phishing is to send a scam message to as many people as possible.

Phishing scams can be done through different mediums, including

1. Email phishing:
   Fraudulent emails designed to mimic legitimate organizations, often requesting recipients to update account information, verify log in credentials, or take urgent action to avoid consequences. Recently a lot of such phishing emails are reported by employees, where their company’s CEO or someone in the upper management is asking them for help. 
2. Spear phishing:
   Targeted phishing attacks aimed at specific individuals or organizations, often using personalized information obtained through research or data breaches to increase the credibility of the scam.
3. Smishing:
   Phishing attacks conducted via SMS or text messages, where recipients are prompted to click on links or respond with sensitive information under the guise of urgent notifications or alerts. Some of the most common scams are where users are sent messages where they are required to change their banking details.
4. Vishing:
   Phishing attacks conducted over the phone, where fraudsters impersonate trusted entities to deceive victims into providing personal or financial information verbally. The easiest is where the scammer tries to be someone the victim knows and cares for, and they try to create a distressing situation like they are stranded while they are traveling. 
5. Clone phishing:
   Scammers create fake copies of legitimate emails or websites, altering them slightly to appear authentic, then send them to targets to trick them into providing sensitive information.

1. Sender's email address:
   Check the sender's email address carefully. Phishing emails often come from addresses that mimic legitimate organizations but may contain misspellings or slight variations.
2. Generic greetings or urgent language:
   Be wary of emails that use generic greetings like "Dear Customer" or employ urgent language, such as "Immediate action required" or "Your account will be suspended." Scammers often use urgency to pressure recipients into acting quickly without thinking.
3. Suspicious links:
   On a desktop, hover the mouse cursor over any links in the email (without clicking on them) to reveal the actual URL (for example, at the bottom left on Chrome browser). Phishing emails often contain links that lead to fake websites or malicious pages designed to steal your information or infect your device with malware. Look for misspelled URLs or URLs that don't match the purported sender. Only click on links in your text messages if you are sure of the source. Truecaller can also be helpful, for text messages. Once the app is installed, it lets you know whether a number is 'likely fraud' through its fraud detection services.
4. Requests for personal information:
   Be cautious of emails requesting sensitive information like account numbers, passwords, Social Security numbers, or login credentials. Legitimate organizations typically won't ask for this information via email.
5. Unsolicited attachments:
   Avoid opening email attachments from unknown or unexpected sources, as they may contain malware or viruses. Even if the attachment appears harmless, it's better to be cautious.
6. Unusual requests or offers:
   Be skeptical of emails promising unexpected prizes, lottery winnings, or exclusive deals, especially if they require you to provide personal or financial information or make a payment upfront. If an offer seems too good to be true, it probably is.
7. Verify information independently:
   If you're unsure about the legitimacy of an email, independently verify the information through official channels. Contact the organization directly using a trusted phone number or website (not the contact information provided in the email) to confirm the request or report suspicious activity. You can also search for the number on Truecaller and check if the number is marked as spam and if other users have left a comment for this number.

If you've been a victim of a phishing scam, reach out to

1. Your local law enforcement agency
2. Your financial institution, like a bank
3. Email service provider
4. Credit reporting agencies
5. You can also report the phone number of the fraudster on Truecaller. This could help the whole community from future fraud attempts!

If you are in the United States, these could be some agencies you could reach out to:

1. Federal Trade Commission (FTC): You can file a complaint with the FTC online at https://www.ftccomplaintassistant.gov/ 
2. Internet Crime Complaint Center (IC3): You can file a complaint with the IC3 at https://www.ic3.gov/ 
3. Identity Theft Resource Center (ITRC) https://www.idtheftcenter.org/
4. Better Business Bureau (BBB) (also works for Canada) https://www.bbb.org/

If you are in India, these could be agencies you could reach out to:

1. Cyber Crime Portal https://cybercrime.gov.in
2. Sanchar Saathi Suspected Fraud Communication Reporting https://sancharsaathi.gov.in/sfc/
3. Cyber Frauds Helpline - Toll-free number 1930 https://www.pib.gov.in/PressReleasePage.aspx?PRID=1814120

Phishing tactics continue to evolve, with scammers using increasingly sophisticated methods to trick individuals into revealing sensitive information or clicking on malicious links. It's essential to remain vigilant of unsolicited messages, especially those requesting personal or financial information, and to verify the legitimacy of emails and websites before taking any action.