What is Phishing?
Phishing is a social engineering attack that uses deceptive emails, websites, or messages to trick victims into revealing sensitive information like passwords, credit card numbers, or personal data.
91% of Cyber Attacks Start with Phishing
Phishing is the most common initial attack vector. Learning to spot it is essential for everyone.
Types of Phishing
Email Phishing
Mass emails impersonating trusted organizations. Most common type.
Spear Phishing
Targeted attacks using personal information about the victim.
Whaling
Targeting executives and high-value individuals.
Smishing
Phishing via SMS text messages.
How to Spot Phishing
Red Flags in Emails
- Urgency - "Act now!" "Account suspended!"
- Generic greeting - "Dear Customer" instead of your name
- Suspicious sender - Check the actual email address, not display name
- Grammar/spelling errors - Professional companies proofread
- Mismatched links - Hover to see real URL before clicking
- Unexpected attachments - Especially .exe, .zip, .doc with macros
Checking URLs
✓ https://www.paypal.com/login
✗ https://www.paypa1.com/login
✗ https://paypal.com.fake-site.com/
✗ https://secure-paypal-verify.com/
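What separates the good URL from the three bad ones is the domain that actually receives the request, not whether a familiar name appears somewhere in the string. The Python below is an added example, not part of the original page; the TRUSTED allowlist, the look-alike character map and the function names are assumptions, and the two-label domain rule is deliberately naive.

```python
from urllib.parse import urlsplit

# Assumption: domains the reader really uses (constructed allowlist).
TRUSTED = {"paypal.com"}

# Constructed, non-exhaustive map of digits often swapped in for letters.
LOOKALIKES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s"})


def registrable_domain(host):
    """Return the last two labels of a hostname.

    Naive on purpose: multi-part suffixes such as co.uk need a public
    suffix list, which this example does not carry.
    """
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def check_url(url, trusted=TRUSTED):
    """Classify a link by the domain that actually receives the request."""
    host = (urlsplit(url).hostname or "").lower()
    domain = registrable_domain(host)
    if domain in trusted:
        return "ok"
    # paypa1.com -> paypal.com once digits are mapped back to letters.
    if domain.translate(LOOKALIKES) in trusted:
        return "look-alike characters in domain"
    for good in trusted:
        # paypal.com.fake-site.com: the trusted name is only a subdomain.
        if (good + ".") in host:
            return "trusted name used as a subdomain of another site"
        # secure-paypal-verify.com: the brand is just part of a label.
        if good.split(".")[0] in host:
            return "brand name embedded in an unrelated domain"
    return "unknown domain"


# The four URLs from the list above.
SAMPLES = [
    "https://www.paypal.com/login",
    "https://www.paypa1.com/login",
    "https://paypal.com.fake-site.com/",
    "https://secure-paypal-verify.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(f"{check_url(url):50} {url}")
```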
Protection Strategies
- Never click email links - Go directly to websites by typing the URL
- Use 2FA - Even stolen passwords won't work alone
- Use a password manager - Won't autofill on fake sites
- Verify requests - Call the company using a known number
- Report phishing - Forward to reportphishing@apwg.org
What to Do If You're Phished
- Change passwords immediately for affected accounts
- Enable 2FA if not already active
- Check for unauthorized activity
- Report to IT security (if work-related)
- Monitor your accounts and credit reports