Phishing Awareness Guide

Learn how to identify, avoid, and respond to phishing attacks. Protect yourself and your organization from cyber threats.

  • 91% of cyber attacks start with phishing
  • 3.4B phishing emails sent daily worldwide
  • $4.45M average cost of a data breach

Types of Phishing Attacks

Email Phishing

Fraudulent emails designed to trick you into revealing sensitive information

  • Fake invoices or receipts
  • Account verification requests
  • Prize or lottery notifications
  • Fake job offers

Spear Phishing

Targeted attacks using personal information to appear legitimate

  • Uses your real name and company
  • References recent events or purchases
  • Appears to come from someone you know
  • Highly personalized content

Smishing

Phishing attacks via SMS/text messages

  • Fake delivery notifications
  • Bank alert messages
  • Prize winner notifications
  • Two-factor authentication codes

Vishing

Voice phishing via phone calls

  • Fake tech support calls
  • IRS or government impersonation
  • Bank fraud alerts
  • Charity scams

Whaling

Targeted attacks on high-profile individuals or executives

  • CEO fraud
  • Business email compromise
  • Wire transfer requests
  • Confidential document requests

Pharming

Redirecting users to fake websites through DNS manipulation

  • Malicious browser extensions
  • Compromised routers
  • DNS cache poisoning
  • Fake websites with similar URLs

Common Red Flags to Watch For

Sender Information

  • Generic greetings (Dear Customer, Hello User)
  • Suspicious or misspelled email addresses
  • Unexpected sender, even if name looks familiar
  • Reply-to address differs from sender

Urgency & Pressure

  • Creates sense of urgency or panic
  • Threatens account closure or legal action
  • Limited time offers or deadlines
  • Asks for immediate action

Links & Attachments

  • Hovering over a link shows a different URL than the one displayed
  • Shortened URLs (bit.ly, tinyurl.com)
  • Unexpected attachments, especially .exe, .zip files
  • Links to non-HTTPS websites
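
The four checks in this list, applied to a parsed message with Python's standard library. This is an added example, not part of the original guide; the sample message, its `.example` domains and the flag labels are constructed for illustration.

```python
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

SHORTENERS = {"bit.ly", "tinyurl.com"}  # services named in the list above
RISKY_EXT = (".exe", ".zip")            # extensions named in the list above

class LinkCollector(HTMLParser):  # gathers [href, visible text] for every <a>
    def __init__(self, html):
        super().__init__()
        self.links, self.in_a = [], False
        self.feed(html)
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links.append([dict(attrs).get("href") or "", ""])
            self.in_a = True
    def handle_data(self, data):
        if self.in_a:
            self.links[-1][1] += data
    def handle_endtag(self, tag):
        self.in_a = self.in_a and tag != "a"

def link_and_attachment_flags(msg):
    """Return the red flags from the list above found in an EmailMessage."""
    flags = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            flags.append("risky-attachment:" + name)
        if part.get_content_type() != "text/html":
            continue
        for href, text in LinkCollector(part.get_content()).links:
            url, text = urlparse(href), text.strip()
            host = url.hostname or ""
            if host in SHORTENERS:
                flags.append("shortened-url:" + host)
            if url.scheme == "http":
                flags.append("non-https:" + host)
            if "." in text and " " not in text:  # visible text is itself an address
                shown = urlparse(text if "://" in text else "//" + text).hostname
                if shown and shown != host:
                    flags.append(f"displayed-url-differs:{shown}->{host}")
    return flags

SAMPLE = EmailMessage()  # constructed message, not a real phish
SAMPLE.set_content('<a href="http://login.bank-verify.example/x">www.bank.example</a>'
                   ' <a href="https://bit.ly/abc">details</a>', subtype="html")
SAMPLE.add_attachment(b"MZ", maintype="application", subtype="octet-stream", filename="invoice.exe")
```

A flag here is a reason to look closer, not a verdict: shortened links and `.zip` attachments also appear in legitimate mail.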

Content Issues

  • Poor grammar and spelling errors
  • Generic or vague information
  • Requests for sensitive data (SSN, passwords)
  • Offers that seem too good to be true

Best Practices

Verify Before You Trust

Always verify the sender through official channels before taking action

  • Contact the company directly using official phone numbers or websites
  • Never use contact information provided in suspicious emails
  • Check the official website for security alerts or announcements

Inspect URLs Carefully

Check website addresses before clicking or entering information

  • Look for HTTPS and padlock icon in browser
  • Check for misspellings in domain names
  • Be wary of subdomains that look suspicious
  • Type URLs directly instead of clicking links
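
One way to automate the misspelling and subdomain checks above, as an added example that is not part of the original guide. The `TRUSTED` list, the `.example` domains, the finding labels and the two-label `registered_domain` shortcut are assumptions.

```python
from urllib.parse import urlparse

# Hypothetical allowlist: the sites you actually have accounts with.
TRUSTED = ("bank.example", "shop.example")

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character misspellings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registered_domain(host):
    # Assumption: the last two labels are the registered domain. Production
    # code should consult the Public Suffix List (names under co.uk, etc.).
    return ".".join(host.split(".")[-2:])

def inspect_url(url):
    """Return findings for a URL; an empty list means a trusted HTTPS site."""
    parts = urlparse(url)
    host = (parts.hostname or "").rstrip(".")
    domain = registered_domain(host)
    findings = [] if parts.scheme == "https" else ["not-https"]
    if domain in TRUSTED:
        return findings
    lookalikes = []
    for good in TRUSTED:
        # A near miss of a trusted name; very short names may need a lower limit.
        if edit_distance(domain, good) <= 2:
            lookalikes.append("misspelling-of:" + good)
        # The trusted name appears only as a subdomain of some other domain.
        if host.startswith(good + ".") or "." + good + "." in host:
            lookalikes.append("trusted-name-in-subdomain:" + good)
    return findings + (lookalikes or ["unrecognised-domain"])
```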

Never Share Sensitive Information

Legitimate companies never ask for passwords or sensitive data via email

  • Banks never ask for full passwords via email
  • Never share SSN, credit card numbers, or PINs
  • Be cautious of requests for personal information
  • When in doubt, contact the company directly

Keep Software Updated

Regular updates protect against known vulnerabilities

  • Enable automatic updates for your OS and browser
  • Keep antivirus and security software current
  • Update mobile apps regularly
  • Use reputable security software

Enable Multi-Factor Authentication

Add an extra layer of security to your accounts

  • Use MFA on all important accounts
  • Prefer authenticator apps over SMS when possible
  • Keep backup codes in a secure location
  • Review and remove old devices from your accounts

Educate Yourself Continuously

Stay informed about the latest phishing techniques

  • Follow cybersecurity news and updates
  • Participate in security awareness training
  • Share knowledge with family and colleagues
  • Report phishing attempts to help others

What to Do If You've Been Phished

1. Don't Panic

Stay calm and act quickly but carefully

  • Don't click any more links in the suspicious message
  • Don't download any attachments
  • Don't call numbers provided in the message

2. Change Passwords Immediately

If you entered credentials, change them right away

  • Change password on the affected account
  • Change passwords on any accounts using the same password
  • Enable multi-factor authentication if not already enabled

3. Contact Financial Institutions

Notify banks and credit card companies if financial info was shared

  • Call your bank's fraud department immediately
  • Monitor accounts for unauthorized transactions
  • Consider placing a fraud alert on your credit report

4. Report the Phishing Attempt

Help protect others by reporting the attack

  • Forward phishing emails to reportphishing@apwg.org
  • Report to the company being impersonated
  • File a report with the FBI's Internet Crime Complaint Center (IC3)

5. Scan for Malware

Ensure your device hasn't been compromised

  • Run a full antivirus scan
  • Check for suspicious software installations
  • Review browser extensions and remove unknown ones

Stay Protected, Stay Informed

Phishing attacks are constantly evolving. Stay vigilant, verify before you trust, and when in doubt, don't click. Your security is in your hands.

Report Phishing: reportphishing@apwg.org
FBI IC3: ic3.gov