IsThisAScam

Phishing Scams

Learn how to identify phishing emails, texts, and websites. Protect yourself from credential theft and identity fraud.

What is Phishing?

Phishing is one of the most common and dangerous forms of cybercrime. Attackers send fraudulent communications — typically emails, text messages, or social media messages — that appear to come from legitimate organizations like banks, tech companies, or government agencies. The goal is to trick you into revealing sensitive information such as passwords, credit card numbers, or Social Security numbers.

Modern phishing attacks have become increasingly sophisticated. Gone are the days of obvious misspellings and crude formatting. Today's phishing emails often perfectly replicate the branding, tone, and layout of legitimate communications. Some even use compromised email accounts from real organizations, making them nearly impossible to distinguish from authentic messages.

Spear phishing targets specific individuals using personal information gathered from social media or data breaches. Whaling targets high-ranking executives. Smishing uses SMS text messages, while vishing uses voice calls. Each variant exploits different trust mechanisms, but they all share the same goal: getting you to act before you think.

How to Identify This Scam

  1. Urgent language demanding immediate action ("Your account will be suspended in 24 hours")
  2. Sender email address doesn't match the organization's official domain
  3. Generic greetings like "Dear Customer" instead of your actual name
  4. Links that don't match the purported sender (hover to check before clicking)
  5. Requests for passwords, PINs, or financial information via email
  6. Unexpected attachments, especially .zip, .exe, or macro-enabled documents
  7. Subtle misspellings in the domain name (e.g., "paypa1.com" instead of "paypal.com")
  8. Threats of negative consequences if you don't comply immediately

Real Examples (Anonymized)

You receive an email appearing to be from your bank stating that unusual activity was detected on your account. It includes a link to "verify your identity" that leads to a convincing replica of your bank's login page.

  • Sender domain is "secure-bankofamerica-verify.com" instead of "bankofamerica.com"
  • Creates urgency with "Account will be locked in 2 hours"
  • The link URL doesn't match the bank's official website

A text message claims to be from a delivery service saying your package couldn't be delivered and you need to pay a small redelivery fee of $1.99 via the provided link.

  • You weren't expecting any deliveries
  • Legitimate delivery companies don't charge redelivery fees via text
  • The link leads to a page asking for full credit card details for a tiny charge

An email from "IT Department" asks you to click a link to update your company email password before it expires. The email looks internal with proper company branding.

  • IT departments rarely send password reset links via email
  • Hovering over the link reveals an external domain
  • The "From" address uses a slightly different domain than your company
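
The sender-domain and link checks from the list and examples above, as an added Python example that is not part of the original page: it compares a sender address or link host against a list of official domains and flags lookalikes such as "paypa1.com" and "secure-bankofamerica-verify.com". The allowlist, the digit-swap table and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import urlparse

# Assumed allowlist for this demo: brand name -> official domain.
OFFICIAL = {"paypal": "paypal.com", "bankofamerica": "bankofamerica.com"}
# Digit-for-letter swaps such as the "1" in "paypa1.com".
CONFUSABLES = str.maketrans("1035", "loes")


def host_of(value):
    """Extract the lowercased host from a URL or an email address."""
    value = value.strip().lower()
    if "://" in value:
        return urlparse(value).hostname or ""
    return value.rsplit("@", 1)[-1]


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(value):
    """Return 'official', 'lookalike:<brand>' or 'unknown'."""
    host = host_of(value)
    for domain in OFFICIAL.values():
        # Exact match or a true subdomain of the official domain.
        if host == domain or host.endswith("." + domain):
            return "official"
    # Split on dots and hyphens, then undo digit swaps in each piece.
    tokens = [t.translate(CONFUSABLES) for t in re.split(r"[.-]", host) if t]
    for brand in OFFICIAL:
        # A brand name (or a one-character typo of it) outside its own domain.
        if any(edit_distance(t, brand) <= 1 for t in tokens):
            return "lookalike:" + brand
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inputs, taken from the page's own examples.
    for sample in ("alerts@paypal.com", "service@paypa1.com",
                   "https://secure-bankofamerica-verify.com/login"):
        print(sample, "->", classify(sample))
```

An "unknown" result only means the host does not resemble a listed brand; it says nothing about whether the message is safe.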

What to Do If You Receive One

  • Never click links in unexpected emails — go directly to the website by typing the URL
  • Verify the sender by checking the full email address, not just the display name
  • Enable two-factor authentication (2FA) on all important accounts
  • Report the phishing attempt to the impersonated organization
  • Mark the email as spam/phishing in your email client
  • If you clicked a link, change your password immediately and monitor your accounts
