Education • Practice • Safer Habits

What is phishing?

Phishing is when someone pretends to be a trusted person, company, or organization to trick you into clicking, replying, logging in, sending money, or sharing personal information. It can happen through email, text messages, phone calls, fake websites, social media, and even physical mail.

Start Training What To Do Next
Learn the pattern • Spot the warning signs • Respond the right way
Simple, practical guidance built for real people and real situations
Understand how phishing actually works in everyday life
Learn the red flags before urgency or fear takes over
Practice safer next steps before you click, call, or pay
Phishing usually follows the same formula: impersonation + pressure + a risky action. If a message pushes you to click, call, log in, or pay right now, slow down and verify first.

Quick start

A simple 3-step way to think about phishing before you react.
Start Here

You do not need to be technical to spot most phishing attempts. The goal is to pause, recognize the pattern, and make a safer decision before giving away access, information, or money.

1

Notice the setup
A phishing message usually looks important, urgent, helpful, or official on purpose.
“Final notice” “Account problem”

2

Find the risky action
Most phishing attempts want you to click a link, call a number, open a file, log in, or send payment.
Click Call / pay / log in

3

Pause and verify safely
Go to the official website yourself, use a trusted phone number, or contact the real person directly.
Official source Independent verification

Start Training What To Do Next
Rule of thumb: if the message tries to rush you into action, that pressure is part of the scam.

Why phishing works

Phishing works because it targets human trust, attention, and emotion. Most scams are not complicated. They succeed by creating just enough urgency, fear, or curiosity to make someone act before thinking it through.

Urgency and pressure
The message tries to make you act before you verify anything.
Impersonation
Attackers pretend to be banks, delivery companies, coworkers, family, or government.
A trap action
There is almost always a link, file, login page, phone number, code request, or payment ask.
The payoff
The goal is to steal account access, personal information, money, or trust.

Common red flags

  • Unexpected message demanding quick action
  • Threats, fear, legal pressure, or “urgent account issue” language
  • Requests for passwords, one-time passcodes, or sensitive personal data
  • Links that lead somewhere different than they appear to
  • Payment requests through gift cards, crypto, wire transfers, or unusual methods
  • Sender names, email domains, or website addresses that are slightly off
Quick rule
If the message is emotional and wants action right now, treat it like a phishing attempt until you verify it independently.
Common phishing methods
Phishing is an umbrella term. It shows up anywhere people communicate, trust, and pay.
Common methods

Email phishing

Spoofed emails that push you to click, open, log in, or verify account details.
Train this

Smishing (SMS)

Text scams involving deliveries, banks, jobs, tolls, prizes, and fake alerts.
Train this

Vishing (phone)

Calls from fake banks, tech support, law enforcement, or other authority figures.
Train this

Fake websites

Look-alike pages designed to steal usernames, passwords, or card information.
Train this

Social & ad scams

Scams hidden in DMs, sponsored posts, marketplace offers, and fake ads.
Train this

Mail & letter scams

Physical mail that pressures people into calling, paying, or sharing information.
Train this
Why phishing awareness matters
Scams are widespread, expensive, and often successful because people are busy — not because they are careless.
Snapshot
Millions
of people report scams each year
Billions
in losses are reported annually
Every day
phishing emails and scam messages are sent at scale
Top threat
phishing continues to drive account compromise
Fast-moving
text-based scams keep growing as phones stay front and center
Still effective
voice pressure and impersonation still catch victims

For individuals and families

Phishing can lead to stolen passwords, drained bank accounts, account takeovers, identity theft, fake support scams, and emotional pressure that causes people to act too quickly.

For businesses and teams

One convincing message can lead to payroll fraud, invoice fraud, exposed credentials, internal compromise, or a much larger incident that starts with a single click or one rushed reply.

Built for real people
Clear guidance, simple examples, and less technical overload.
Useful for organizations
Supports safer habits for employees, leaders, and teams.
Designed for outreach
Helpful for workshops, communities, and awareness presentations.
Ready to go beyond the basics?
Continue into training, practice common scam scenarios, and build safer habits that stick.
Start Phishing Training What To Do Next