
What is Phishing?

A social engineering attack where attackers impersonate legitimate entities through fake emails, websites, or messages to trick victims into revealing sensitive information like passwords, credit card numbers, or personal data.

Also known as: Phishing Attack

Phishing is the art of deception at scale. Attackers craft convincing messages that look like they're from your bank, employer, or favorite service, tricking you into handing over credentials.

Types of Phishing

Mass Phishing

  • Sent to millions
  • Generic messages
  • "Your account has been compromised"
  • Low success rate, high volume

Spear Phishing

  • Targeted to specific individuals
  • Researched and personalized
  • References real details about you
  • Much higher success rate

Whaling

  • Targets executives/high-value individuals
  • Highly customized
  • Often involves wire transfers
  • Multi-million dollar losses

Smishing & Vishing

  • SMS-based (smishing)
  • Voice/phone (vishing)
  • Same tactics, different channel

Common Phishing Tactics

Urgency/Fear

  • "Your account will be closed"
  • "Unauthorized access detected"
  • "Act within 24 hours"

Authority

  • Impersonating CEO, IT, bank
  • Official-looking logos/branding
  • Legitimate-seeming email addresses

Curiosity/Reward

  • "You've won a prize"
  • "Package delivery notification"
  • "Tax refund available"

Identifying Phishing

Email Red Flags

  • Generic greeting ("Dear Customer")
  • Spelling/grammar errors
  • Mismatched sender domains
  • Suspicious links (hover to check)
  • Attachments from unknown senders

Website Red Flags

  • Wrong URL (amaz0n.com, g00gle.com)
  • No HTTPS padlock
  • Poor design/different from real site
  • Asking for unusual information
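
The URL red flags above can be checked mechanically. The following is an added example, not part of the original glossary entry: it flags a missing HTTPS scheme and digit-for-letter lookalikes such as amaz0n.com, and goes slightly beyond the list by also catching one-character typos and a trusted name used as a subdomain of another site. The TRUSTED list, the function names, and the ".example" test host are constructed for illustration, and site_of() assumes two-label domains (no suffixes like co.uk).

```python
from urllib.parse import urlsplit

# Constructed allow-list; in practice this is the set of sites you actually use.
TRUSTED = {"amazon.com", "google.com", "paypal.com"}

# Digit-for-letter swaps of the kind shown above (amaz0n, g00gle).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to catch one-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def site_of(host: str) -> str:
    """Last two labels of the host. Assumption: no multi-part suffixes (co.uk)."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_url(url: str, trusted=TRUSTED) -> list[str]:
    """Return the red flags found in a URL; an empty list means none were found."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    site = site_of(host)
    flags = []
    if parts.scheme != "https":
        flags.append("no-https")
    if site in trusted:
        return flags  # exact match on a site we know
    skeleton = site.translate(HOMOGLYPHS)  # amaz0n.com -> amazon.com
    for good in sorted(trusted):
        if skeleton == good:
            flags.append(f"lookalike-of:{good}")
        elif edit_distance(site, good) == 1:
            flags.append(f"typo-of:{good}")
        elif host.startswith(good + "."):
            flags.append(f"trusted-name-as-subdomain:{good}")
    return flags
```

An empty result only means none of these specific flags fired; a phishing site can still use HTTPS and a domain that resembles nothing on the list.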

Protection Strategies

Technical

  • Email filtering
  • Browser warnings
  • 2FA (phishing-resistant methods such as hardware keys)
  • Password managers (won't autofill on fake sites)

Behavioral

  • Verify unexpected requests through a separate channel
  • Don't click links—type URLs directly
  • When in doubt, contact the company directly
  • Report phishing attempts

If You've Been Phished

  1. Change passwords immediately
  2. Enable 2FA if not already enabled
  3. Check for unauthorized activity
  4. Alert financial institutions
  5. Report to IT/security team
  6. Monitor accounts for suspicious activity
