Phishing - What it is, red flags to spot, and how to avoid the hook

Phishing

What it is

Phishing is a scam where someone pretends to be a trusted person or service to trick you into giving up passwords, card numbers, or other sensitive data. It shows up in email, texts, social DMs, and look-alike websites. For a quick overview, see our phishing explainer.

Why it matters

One click on a convincing message can lead to account takeover, drained funds, or identity theft. Phishing is the easiest way for attackers to get in.

How it works - quick tour

  • Impersonation: fake invoices, “security alerts,” or delivery notices

  • Urgency: “your account will be closed today” to push fast action

  • Look-alike links: domains that mimic real brands or use URL shorteners

  • Data capture: fake login pages or forms steal your credentials

Red flags

  • Sender address that’s close but not quite right

  • Urgent requests for payment, gift cards, or password resets

  • Links that don’t match the displayed domain when you hover

  • Attachments asking to enable macros or “unlock” content

Prevent it

  • Pause and verify out of band - call the company using a known number

  • Check the full sender address and hover to preview links

  • Turn on MFA so a stolen password is not enough

  • Keep your browser and security tools updated and use DNS/web filtering

  • For teams: run phishing awareness training and use email authentication (SPF, DKIM, DMARC)
