Phishing

What is Phishing?

Phishing is a cyberattack technique where attackers create fraudulent emails, messages, or fake websites that mimic legitimate organizations. The goal is to trick people into revealing confidential information such as passwords, credit card numbers, or bank details.

How does it work?

1. Create Fake Site: Attacker copies a real website (bank, PayPal, Microsoft) pixel-perfectly – visually almost indistinguishable from the original.

2. Mass Email Campaign: Thousands of victims receive seemingly legitimate emails with urgent content: "Your account has been suspended!"

3. Deceptive Link: URL looks real: "paypaI.com" (capital I instead of l) or "amazon-security.com" – concealing the true destination.

4. Victim Clicks: Victim lands on the convincing fake page – urgency and apparent trust prevent critical thinking.

5. Data Entered: Password, credit card details or PIN are typed in on the fake page – and sent directly to the attacker.

6. Data Exploited: Attacker immediately accesses stolen accounts or sells the data on the dark web.

Risks and Consequences

If you fall for a phishing attack, attackers can: take over your accounts and steal all your data, withdraw money from your bank or credit card accounts, misuse your identity, install malware or ransomware on your computer, or use your contacts for further attacks.

How to protect yourself

1. Check the sender's address: Look closely at the sender's email address. Scammers often use addresses that look very similar to the real ones.

2. Check links before clicking: Hover over links to see the real URL. Even if the link text says "www.amazon.com", the real URL can be completely different.

3. Be skeptical of urgent requests: Scammers often create pressure with urgent requests. Real banks or companies will never ask for passwords or PINs via email.

4. Check for spelling mistakes: Many phishing emails contain grammar or spelling mistakes. Real companies usually check their emails for errors.

5. Use two-factor authentication: Enable 2FA on your accounts. Even if attackers have your password, they cannot get in without the second factor.
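
The look-alike domains from the "Deceptive Link" step and the link check in tip 2 can be automated. The following is an added example, not code from this page or its link checker. The brand list, the confusable-character table and all function names are assumptions, and treating the last two labels as the registrable domain is a simplification (production code should consult the Public Suffix List).

```javascript
// Constructed allow-list: brand keyword -> the domain that brand really uses.
const KNOWN_BRANDS = { paypal: "paypal.com", amazon: "amazon.com", microsoft: "microsoft.com" };

// Small illustrative subset of characters that are swapped for a look-alike.
const CONFUSABLES = { "0": "o", "1": "l", "I": "l" };

// Hostname exactly as written. Case is kept on purpose: the URL parser would
// lowercase "paypaI.com" and hide the capital I.
function rawHost(input) {
  const m = /^(?:[a-z][a-z0-9+.-]*:\/\/)?(?:[^@\/?#]*@)?([^:\/?#]+)/i.exec(input.trim());
  return m ? m[1] : "";
}

// Fold look-alike characters into the letters a reader believes they see.
function skeleton(host) {
  return [...host].map((c) => CONFUSABLES[c] || c).join("").toLowerCase();
}

// Simplification: last two labels (no Public Suffix List lookup).
function registrable(host) {
  return host.toLowerCase().split(".").slice(-2).join(".");
}

function analyzeLink(href, linkText = "") {
  const findings = [];
  const host = rawHost(href);
  const domain = registrable(host);
  for (const [brand, real] of Object.entries(KNOWN_BRANDS)) {
    if (domain === real) continue; // genuine domain of this brand
    if (registrable(skeleton(host)) === real) findings.push(`lookalike-of:${real}`);
    else if (host.toLowerCase().includes(brand)) findings.push(`brand-in-foreign-domain:${brand}`);
  }
  // Visible text that is itself a hostname must point at the same domain.
  const textIsHost = /^(https?:\/\/)?[\w-]+(\.[\w-]+)+(\/\S*)?$/i.test(linkText.trim());
  if (textIsHost && registrable(rawHost(linkText)) !== domain) findings.push("text-href-mismatch");
  return findings;
}

// Constructed samples taken from the examples on this page.
for (const [href, text] of [
  ["https://paypaI.com/signin", "Confirm your account"],
  ["http://amazon-security.com/login", "www.amazon.com"],
  ["https://www.paypal.com/signin", "www.paypal.com"],
]) {
  console.log(href, "->", analyzeLink(href, text));
}
```

An empty result means only that none of these three checks fired; it does not mean the link is safe.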

Examples of Phishing Attacks

Example 1 – Bank Phishing: You receive an email supposedly from your bank saying you need to verify your account. You click a link leading to a fake website that looks like your bank's site. You enter your credentials and the attacker steals them.

Example 2 – PayPal Phishing: You get an email from "PayPal" asking you to confirm your account. The link leads to a fake PayPal login page. You log in and the attacker gains access to your account.

Example 3 – Amazon Phishing: An email promises a gift card if you click a link. The link leads to a fake Amazon website that steals your credit card details.
