Alerts, guides, and research from the IsThisAScam team. Updated weekly.
A complete guide to two-factor authentication: what it is, why it matters, how to set it up on every major platform, and which methods are most secure.
Evil twin attacks create fake WiFi networks that mimic legitimate ones. Learn how attackers intercept your traffic at coffee shops, airports, and hotels.
Pharming redirects you to fake websites without you clicking a bad link. Learn how DNS poisoning and host file manipulation work and how to protect yourself.
WHOIS records reveal who owns a website. Learn to read WHOIS data, spot privacy proxies, and use registration details to assess trust.
Clone phishing duplicates legitimate emails you have already received and replaces links or attachments with malicious versions. Here is how to detect the copies.
Learn why domain age matters for website trust. Step-by-step guide to check when any website was registered and what it reveals.
Whaling goes after CEOs, CFOs, and board members with meticulously crafted attacks. Learn how these high-stakes scams work and why executives are uniquely vulnerable.
Learn to inspect SSL certificates to verify website identity. Step-by-step for Chrome, Firefox, and Safari with real examples.
Regular phishing casts a wide net. Spear phishing researches you personally. Here is why targeted attacks succeed far more often and how to defend against them.
Verify any URL before clicking with free tools and manual techniques. Protect yourself from phishing, malware, and scam sites.
A plain-language explanation of the three email authentication protocols that protect against email spoofing and phishing.
VPN companies market themselves as security tools, but they don't protect against most scams. Here's what VPNs actually do and what actually keeps you safe.
Learn to read email headers to verify sender authenticity. SPF, DKIM, DMARC explained with real examples for Gmail, Outlook, and Apple Mail.
A practical guide to reading email headers, understanding authentication results, and identifying forged sender addresses.
Password managers are the single most effective security tool for regular people. Here's how they work, which to choose, and how to set one up.
Practical methods for verifying link safety, from quick visual checks to technical tools, with examples of deceptive URLs.
Your email address is probably on the dark web. Here's how to find out, what it means, and the concrete steps to protect yourself.
Ever wondered what happens if you engage with a spam email? Here's what unfolds behind the scenes when you reply, click, or interact.
Wondering why you get so much spam? Here are the seven main ways scammers harvest email addresses and what you can do to reduce your exposure.
Scammers are placing fake QR codes on parking meters, restaurant menus, and in phishing emails. Here's how quishing works and how to scan safely.