Phishing Detection

Learn to spot fake messages that trick you

Phishing attacks are the most common type of cybercrime, with over 3.4 billion phishing emails sent daily worldwide. Learning to recognize these attacks is one of the most valuable security skills you can develop.

What is Phishing?

Phishing is when attackers pretend to be someone you trust—a bank, company, or friend—to steal your information. They use fake emails, texts, or websites that look legitimate. The goal is to trick you into revealing passwords, credit card numbers, or personal data.

How to Protect Yourself

  • Always check the sender's email address carefully
  • Hover over links (don't click!) to see the real URL
  • Never share personal info via email or text
  • Verify urgent requests by calling the company directly
  • Legitimate companies never ask for passwords via email

Warning Signs

  • Urgent language: "Act now!" "Account will be closed!"
  • Poor spelling and grammar are red flags
  • Generic greetings like "Dear Customer" instead of your name
  • Unexpected attachments can contain malware
  • Requests for money or gift cards are ALWAYS scams

Real Examples

Legitimate Email:

Dear John Smith, Your Netflix subscription has been renewed. (from: [email protected])

Phishing Email:

Dear Customer, Your Netflix account will be suspended! Click here. (from: [email protected])

Legitimate Email:

From: [email protected] - Login to your PayPal account

Phishing Email:

From: [email protected] - Verify your account now!
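The sender, greeting, urgency and link checks from the lists above can also be automated as a mail-filter heuristic. The sketch below is an added example, not part of the original page; the function names, the keyword lists, the `example.com` / `example-billing.test` domains and both sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

URGENT = re.compile(r"\b(act now|suspended|will be closed|verify your account)\b", re.I)
GENERIC = re.compile(r"^\s*dear (customer|user|member)\b", re.I | re.M)

class LinkCollector(HTMLParser):
    """Collect every href, i.e. the real URL that hovering would reveal."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.append(dict(attrs).get("href") or "")

def belongs_to(host, domain):
    # Exact match or true subdomain; "example.com.evil.test" must not pass.
    return host == domain or host.endswith("." + domain)

def red_flags(raw_message, expected_domain):
    """Return the warning signs found in a message claiming to be from expected_domain."""
    msg = message_from_string(raw_message)
    body = msg.get_payload()
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    parser = LinkCollector()
    parser.feed(body)
    link_hosts = [urlsplit(h).hostname or "" for h in parser.hrefs
                  if h.lower().startswith(("http://", "https://"))]
    checks = [
        ("sender-domain-mismatch", not belongs_to(sender_host, expected_domain)),
        ("urgent-language", bool(URGENT.search(f"{msg.get('Subject', '')} {body}"))),
        ("generic-greeting", bool(GENERIC.search(body))),
        ("link-leaves-expected-domain",
         any(not belongs_to(h, expected_domain) for h in link_hosts)),
    ]
    return [name for name, hit in checks if hit]

# Constructed sample messages (not real mail).
PHISH = """From: Example Billing <support@example-billing.test>
Subject: Your account will be suspended!

Dear Customer,
<a href="http://login.example-billing.test/verify">https://www.example.com/account</a>
"""
LEGIT = """From: Example <billing@mail.example.com>
Subject: Your subscription has been renewed

Dear John Smith,
<a href="https://www.example.com/account">View your account</a>
"""
```

A clean result only means none of these four signs fired; a message from a hacked but genuine account would pass every check.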

How to Stay Safe

The best defense is skepticism. If something seems suspicious, it probably is. Always verify unexpected requests through official channels, even if the message appears to come from someone you know.

Safety Habits

  • Verify directly: Go to the website yourself; don't use the link
  • Use the official app instead of email links
  • Check for HTTPS and the padlock icon in your browser
  • Report suspicious emails to your email provider
  • Teach family members to ask before clicking

Advanced Threats

  • Scammers can fake phone numbers (spoofing)
  • Social media messages from "friends" can come from hacked accounts
  • Pop-up warnings about viruses are often scams themselves
  • Real security alerts usually appear on the official site/app
  • If it sounds too good to be true, it is

Frequently Asked Questions

What is phishing and how does it work?

Phishing is a type of social engineering attack where criminals impersonate trusted entities (banks, companies, friends) to trick you into revealing sensitive information like passwords, credit card numbers, or personal data. Attackers use fake emails, text messages (smishing), phone calls (vishing), or websites that look legitimate to deceive victims.

How can I tell if an email is a phishing attempt?

Look for these red flags: sender email address that doesn't match the company (e.g., [email protected] instead of netflix.com), urgent or threatening language ("Act now or lose access!"), generic greetings ("Dear Customer" instead of your name), spelling and grammar errors, requests for sensitive information, and suspicious links (hover to see the real URL before clicking).

What should I do if I receive a suspicious email?

Don't click any links or download attachments. Don't reply to the email. Verify the claim by contacting the company directly through their official website or phone number (not any contact info in the email). Report the email to your email provider's spam/phishing filter. If you're unsure, ask a family member or friend for a second opinion.

Can phishing happen through text messages or phone calls?

Yes. Phishing via text message is called "smishing" and via phone call is "vishing." Attackers may text you fake delivery notifications, bank alerts, or prize winnings with links to malicious sites. Phone scammers may impersonate tech support, government agencies, or banks. Never provide personal information to unsolicited contacts.

What if I accidentally clicked a phishing link?

Act quickly: 1) Don't enter any information on the page. 2) If you entered credentials, change that password immediately on the legitimate site. 3) Enable two-factor authentication on the account. 4) Run a virus scan on your device. 5) Monitor your accounts for suspicious activity. 6) Report the incident to the real company being impersonated.
