Original
2026-01-01
Modified
2026-03-10
<p>A <strong>phishing attack</strong> is a fraudulent email, text message, or phone call that aims to trick people into sending money or disclosing information, such as a bank account number or password.</p>
<p>To pull off a phishing attack, a hacker pretends to be a legitimate organization or a person you know or trust. They may ask you to:</p>
<ul><li>Send personal details or dictate them over the phone</li>
<li>Complete a fake online form with your credentials</li>
<li>Download and open an attachment that infects your device with malware</li>
</ul><p>If you give away your information, the perpetrator can sell it or use it to steal funds, access your accounts, or commit identity fraud.</p>
<h2>Types of phishing attempts</h2>
<ul><li><strong>Mass phishing:</strong> The perpetrator sends the same attempt to many users.</li>
<li><strong>Spear phishing:</strong> The perpetrator targets one person and collects information about them to make the attempt more believable.</li>
</ul><p>Fraudsters sometimes start with mass phishing attempts to extract sensitive information about the company and then use that information to spear-phish employees.</p>
<h2>How to recognize a phishing attack</h2>
<p>Phishing attacks often look like legitimate communication and can be hard to recognize. The following 5 signs can help you stay safe:</p>
<ol><li>A company reaches out about your account, but you don’t have a prior relationship with the organization.</li>
<li>The sender’s <a>email address</a> or <a>phone number</a> doesn’t match the information on the official website or the one used in previous exchanges.</li>
<li>The message or call claims that you must act immediately, suggesting consequences like account deletion if you don’t comply.</li>
<li>The message or email starts with an impersonal greeting, such as “Hello” or “Hi dear.”</li>
<li>Less sophisticated attempts may contain spelling mistakes in the message copy.</li>
</ol><p>These signs are sometimes not enough to rule out a phishing attempt. For example, a phishing email may look professional, address you by name, and appear to use the company’s actual email address with the help of email spoofing.</p>
<h3>How to recognize email spoofing</h3>
<p>Email spoofing manipulates <a>email headers</a> to make it appear that the message is coming from a legitimate email address. Attackers may spoof the entire address or only the <a>domain</a> name, the part that comes after the <em>@</em> symbol.</p>
<p>To check for spoofing, open the email header and:</p>
<ul><li>Compare the display name and email address</li>
<li>Compare the <em>from</em> address and <em>reply-to</em> address</li>
</ul><p>If they don’t match or don’t use the same domain name, you may be looking at a spoofing attempt.</p>
<p>Another way to check for spoofing is to select <em>Show Original</em>, <em>View Raw Source</em>, or a similar option (depending on your inbox provider) and inspect the DKIM field. If the sender is legitimate, the DKIM domain name should match the one in the sender’s email address. You can also search for the <em>return-path</em> to see where the message came from.</p>
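<p>The header comparisons described above (display name against address, <em>from</em> against <em>reply-to</em>, the DKIM domain, and the <em>return-path</em>) can be run over a raw message as follows. This is an added example, not code from the original page; the sample headers, the domains, and the function names <code>domain_of</code>, <code>aligned</code>, and <code>spoofing_signals</code> are constructed for illustration.</p>

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers; every address and domain is a placeholder.
SPOOFED = """\
Return-Path: <bounce@bulk-sender.example>
From: "support@examplebank.example" <alerts@billing-notice.example>
Reply-To: claims@freemail.example
DKIM-Signature: v=1; a=rsa-sha256; d=bulk-sender.example; s=sel1;
 h=from:to:subject
Subject: Action required

Please confirm your account.
"""

def domain_of(value):
    """Lower-cased domain of an address header value, '' if none."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def aligned(a, b):
    """Same domain or parent/subdomain (simplified: no public-suffix list)."""
    return bool(a and b) and (a == b or a.endswith("." + b) or b.endswith("." + a))

def spoofing_signals(raw):
    """Return the header mismatches the checks above look for."""
    msg = message_from_string(raw)
    display, from_addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(from_addr)
    signals = []

    # Display name shows one address while the real sender is another.
    shown = re.search(r"[\w.+-]+@[\w.-]+", display)
    if shown and shown.group(0).lower() != from_addr.lower():
        signals.append("display-name-mismatch")

    # Replies would go to a different domain than the visible sender.
    reply_dom = domain_of(msg.get("Reply-To"))
    if reply_dom and not aligned(reply_dom, from_dom):
        signals.append("reply-to-mismatch")

    # DKIM signing domain (d= tag) should match the From domain.
    dkim = [d.lower() for sig in msg.get_all("DKIM-Signature", [])
            for d in re.findall(r"(?:^|;)\s*d=([^;\s]+)", sig)]
    if not any(aligned(d, from_dom) for d in dkim):
        signals.append("dkim-mismatch" if dkim else "dkim-missing")

    # Return-Path shows where bounces go; a weak signal on its own.
    rp_dom = domain_of(msg.get("Return-Path"))
    if rp_dom and not aligned(rp_dom, from_dom):
        signals.append("return-path-mismatch")
    return signals
```

<p>Comparing the <code>d=</code> text only shows what the header claims; the result of the actual DKIM check is recorded by the receiving server in the <code>Authentication-Results</code> header. Legitimate bulk mail often carries a <em>return-path</em> on the sending service’s domain, so treat that mismatch as a prompt to look closer rather than as proof.</p>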
<h2>How to protect yourself from phishing attacks</h2>
<p>Take the following precautions to reduce your chances of getting scammed:</p>
<h3>1. Ignore all suspicious messages or calls</h3>
<p>An unexpected email, text message, or call that seems too good to be true is likely a phishing attempt. Avoid taking action (clicking links or downloading attachments) until you’re 100% sure the sender is legitimate, and ignore any intimidation attempts from the sender. If the request is real and urgent, the company will find another way to reach you.</p>
<h3>2. Contact the organization or person directly</h3>
<p>If you’re unsure whether the original message was a phishing attempt, contact the company or person to verify. Don’t use the contact information provided by the potential attacker. Source the information from the official website or your contact list.</p>
<h3>3. Use updated security software</h3>
<p>Security software can protect your device from malware-infected attachments that can steal your data. It can notify you if it detects suspicious activity or flag potentially harmful websites and prevent you from visiting them. Update the software regularly or tick the auto-update box so it’s effective against the latest threats.</p>
<h3>4. Back up your data</h3>
<p>If you fall victim to phishing, fraudsters can hold your data for ransom, corrupt it, or delete it. To avoid data loss or hijacking, regularly back up your data to an external hard drive or the cloud.</p>
<h3>5. Turn on multi-factor authentication</h3>
<p>Turn on <a>multi-factor authentication</a> wherever possible. In the event that someone obtains your login credentials, they won’t be able to enter your account unless they complete the second step, which may involve:</p>
<ul><li>Entering a one-time passcode sent to your phone or email</li>
<li>Answering a personal security question</li>
<li>Scanning your fingerprint or face</li>
</ul><h3>6. Use a password manager</h3>
<p>Password managers can autofill your credentials on saved websites. If you run into a fake website or end up with malware on your computer, a password manager can prevent hackers from capturing your information via keylogging.</p>
<h3>7. Report phishing attempts</h3>
<p>If you receive a phishing attempt, report it as <a>spam</a> to your inbox provider. Some devices may also allow you to report <a>text messages</a>.</p>
<p>You can also:</p>
<ul><li>Report the phishing attempt to a local authority, such as the <a>Federal Trade Commission</a></li>
<li>Inform the company that was impersonated</li>
</ul><h2>What to do if you fall victim to phishing</h2>
<ol><li><strong>Log the details of the attack:</strong> Inspect the emails or text messages to determine what happened and the information you disclosed. Write down the details, as you’ll need them to report the incident.</li>
<li><strong>Run a malware scan:</strong> If you’ve downloaded any attachments, use security software to scan your device, remove the program, and restore your system.</li>
<li><strong>Change passwords:</strong> Change all affected passwords, especially if you’ve used them on multiple websites. Always use strong and unique passwords.</li>
<li><strong>Contact your financial institution:</strong> If you’ve revealed any financial information or noticed an unexpected transaction, contact your bank immediately. Their customer support team can advise you on the best course of action and help you get a refund.</li>
<li><strong>Monitor for unauthorized login attempts:</strong> Check your inbox and junk mail for any unauthorized login attempts or transactions so you can quickly report them to minimize or prevent damage.</li>
<li><strong>Contact the credit bureaus:</strong> If you suspect identity fraud, place a fraud alert with the credit bureaus to protect your credit score.</li>
</ol><h2>Anti-phishing best practices for businesses</h2>
<p>Besides the measures discussed above, consider these precautions to protect your company’s sensitive information:</p>
<ol><li><strong>Don’t share personal information about founders or executives online:</strong> Whaling attacks can happen when hackers impersonate an executive to trick an employee into giving up information. Train your staff on how to recognize a whaling attack by inspecting the sender email address, etc.</li>
<li><strong>Use anti-spoofing protocols:</strong> Use protocols such as two-factor authentication (2FA), multi-factor authentication (MFA), encryption, certificate-based authentication, etc., to protect your business.</li>
<li><strong>Follow the data minimization principle:</strong> Limit sensitive data collection and gather only what’s necessary.</li>
<li><strong>Manage information access:</strong> Build a sound permissions infrastructure for all software platforms to limit employee access to only what they need. If an employee leaves a role or the company, revoke their access immediately.</li>
<li><strong>Have an incident response plan:</strong> Prepare for the worst-case scenario and create a system that detects risks and designates a response team to deal with the aftermath of a phishing attack.</li>
<li><strong>Educate your employees and customers:</strong> Teach your employees and customers how to spot phishing, why it’s important, and how to report attempts.</li>
</ol><p>Ready to promote your business and reach the right people? <a>Sign up for Klaviyo</a> and captivate your audience the right way.</p>