Security guide

Phishing: Avoiding Fake Logins That Target Your Password

What phishing is

Phishing is an attack that steals your login details through fake emails, texts and websites disguised as a legitimate service. It lures you into entering your password on a login screen that looks identical to the real one.

It often impersonates banks, delivery services or login alerts, and pressures you psychologically to act in a hurry.

Signs of phishing

Be suspicious if you notice the following signs.

  • Wording that urgently pressures or threatens you, such as account suspension or a failed payment
  • A domain subtly different from the real one (e.g. swapped letters or an added hyphen)
  • Displayed link text that differs from the actual address
  • Attachments from unknown sources or shortened URLs
  • Asking directly for your password, OTP or card number
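
The domain and link-text signs above can be checked mechanically. This added example (not part of the original guide) scans an HTML message body for links whose displayed address differs from the real one, or whose domain is a letter swap or an added hyphen away from a site you use. The TRUSTED list, the .example domains and the sample message are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRUSTED = {"mybank.example", "parcel.example"}  # assumed list of domains you really use
SAMPLE = ('<a href="https://mybnak.example/login">https://mybank.example/login</a>'
          '<a href="https://parcel.example/track">Track your parcel</a>')  # constructed, not a real email

def host_of(text):
    """Hostname if text looks like a URL or bare domain, else None (e.g. 'Click here')."""
    text = text.strip()
    if " " in text or "." not in text:
        return None
    host = urlsplit(text if "://" in text else "//" + text).hostname or ""
    return host.removeprefix("www.") or None

def is_swap(a, b):
    """True if a equals b except for one pair of adjacent letters swapped."""
    diff = [i for i in range(len(a)) if a[i] != b[i]] if len(a) == len(b) else []
    return len(diff) == 2 and diff[1] == diff[0] + 1 and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]]

def lookalike_of(host):
    """Trusted domain that host imitates by a letter swap or added hyphen, else None."""
    hits = [g for g in sorted(TRUSTED) if host.replace("-", "") == g or is_swap(host, g)]
    return hits[0] if hits and host not in TRUSTED else None

class LinkAudit(HTMLParser):
    """Collects one (reason, host, other_host) tuple per suspicious <a> link."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, "", []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", ""
    def handle_data(self, data):
        if self.href is not None:  # only collect text inside an open <a>
            self.text += data
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            real, shown = host_of(self.href), host_of(self.text)
            if real and shown and shown != real:  # displayed address is not the real target
                self.findings.append(("text-differs", shown, real))
            if real and lookalike_of(real):  # real target imitates a trusted domain
                self.findings.append(("lookalike", real, lookalike_of(real)))
            self.href = None

def audit(html):
    parser = LinkAudit()
    parser.feed(html)
    return parser.findings
```

Calling audit(SAMPLE) flags the first link twice (mismatched text and a swapped-letter domain) and leaves the second link alone.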

How to avoid it

You can block it with good habits.

  • Type the address yourself or use a bookmark instead of the link in an email
  • Carefully check the domain in the browser's address bar before logging in
  • Rely on your password manager's autofill (it won't offer your saved login on fake domains)
  • Set up 2FA with a phishing-resistant security key or passkey

If you already entered it

If you accidentally entered your password on a fake site, immediately change that password and turn on two-factor authentication. Also change the password on any other site where you used the same one, and review your payment history.
