What phishing is
Phishing is an attack that steals your login details through fake emails, texts and websites disguised as a legitimate service. It lures you into entering your password on a login screen that looks identical to the real one.
It often impersonates banks, delivery services or login alerts, and pressures you psychologically to act in a hurry.
Signs of phishing
Be suspicious if you notice the following signs.
- Wording that urgently pressures or threatens you, such as account suspension or a failed payment
- A domain subtly different from the real one (e.g. swapped letters or an added hyphen)
- Displayed link text that differs from the actual address
- Attachments from unknown sources or shortened URLs
- Asking directly for your password, OTP or card number
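As an added illustration (not part of the original page), the Python example below checks an HTML email body for two of the signs above: link text that names a different host than the link really points to, and a link target that nearly spells a trusted domain. The trusted-domain list, the 0.9 similarity cutoff and the sample HTML are assumptions constructed for the example.

```python
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = ["example-bank.com", "parcelpost.example"]  # assumed: domains the user really uses
SAMPLE = ('<a href="https://exmaple-bank.com/login">https://example-bank.com/login</a>'
          '<a href="https://example-bank.com/help">Help centre</a>'
          '<a href="https://parcel-post.example/t">Track your parcel</a>')  # constructed

def host_of(text):
    """Hostname if text is a URL or bare domain; None for ordinary words."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    return urlsplit(text if "://" in text else "//" + text).hostname

def lookalike_of(host, cutoff=0.9):
    """Trusted domain the host nearly spells (swapped letters, added hyphen), else None."""
    if any(host == t or host.endswith("." + t) for t in TRUSTED):
        return None  # the real domain or one of its subdomains
    tails = {t: ".".join(host.split(".")[-(t.count(".") + 1):]) for t in TRUSTED}
    near = (t for t in TRUSTED if SequenceMatcher(None, tails[t], t).ratio() >= cutoff)
    return next(near, None)  # cutoff is an assumed threshold, tune it on real mail

class Links(HTMLParser):
    """Collects (href, visible text) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.pairs, self.href, self.text = [], None, ""
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.pairs.append((self.href, self.text))
            self.href = None

def audit(html):
    """Yield (sign, observed, reference) for each link that shows one of the two signs."""
    parser = Links()
    parser.feed(html)
    for href, text in parser.pairs:
        target, shown = host_of(href), host_of(text)
        if target and shown and shown != target and not target.endswith("." + shown):
            yield ("text-mismatch", shown, target)
        if target and lookalike_of(target):
            yield ("lookalike", target, lookalike_of(target))
```

Calling list(audit(SAMPLE)) reports the first link for both signs and the third as a lookalike, while the genuine help link produces no finding.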
How to avoid it
You can block phishing with good habits.
- Type the address yourself or use a bookmark instead of clicking the link in an email
- Carefully check the domain in the browser's address bar before logging in
- Rely on your password manager's autofill (the autofill won't appear on fake domains)
- Set up 2FA with a phishing-resistant security key or passkey
If you already entered your password
If you accidentally entered your password on a fake site, immediately change that password and turn on two-factor authentication. Also change the password on any other site where you used the same one, and review your payment history.