what is phishing?

Phishing attacks aim to steal or damage sensitive data by deceiving people into revealing personal information like passwords and credit card numbers. Provided in this website is an opportunity to walk through a live phishing simulation without any compromise of data.

enter the simulation

Various types of phishing attacks

Phishing attacks come from scammers disguised as trustworthy sources and can facilitate access to all types of sensitive data. As technologies evolve, so do cyberattacks. Learn about the most pervasive types of phishing.

Email Phishing

Uses tactics like false hyperlinks to lure email recipients into sharing personal information.

Malware Phishing

Involves planting malware disguised as a trustworthy attachment in an email.

Spear Phishing

Targets specific individuals by exploiting information gathered through research into their lifes. Often customized.

Whaling

Hackers target higher ups such as business executives or celebrites to steal login credentials or other information.

Smishing

Combining "SMS" and "phishing" this involves sending text messages disguised as trustworthy communication from popular companies.

Vishing

Attacks from false call centers trick users into providing sensitive information over the phone.

Common phishing tactics

01. Communication

Attackers are skilled at manipulating their victims into giving up sensitive data by concealing malicious messages and attachments in places where people are not very discerning (for example, in their email inboxes). It’s easy to assume the messages arriving in your inbox are legitimate, but be wary—phishing emails often look safe and unassuming. To avoid being fooled, slow down and examine hyperlinks and senders email addresses before clicking.

02. Manipulation

Bad actors use psychological tactics to convince their targets to act before they think. After building trust by impersonating a familiar source, then creating a false sense of urgency, attackers exploit emotions like fear and anxiety to get what they want. People tend to make snap decisions when they’re being told they will lose money, end up in legal trouble, or no longer have access to a much-needed resource. Be cautious of any message that requires you to “act now”—it may be fraudulent.

03. Trust

Bad actors fool people by creating a false sense of trust—and even the most perceptive fall for their scams. By impersonating trustworthy sources like Google, Wells Fargo, or UPS, phishers can trick you into taking action before you realize you’ve been duped. Many phishing messages go undetected without advanced cybersecurity measures in place. Protect your private information with email security technology designed to identify suspicious content and dispose of it before it ever reaches your inbox.

Quick tips to avoid being prey to a phishing attack

Don't trust display names

Check the sender's email address before opening a message—the display name might be a fake.

Check for typos

Spelling mistakes and poor grammar are typical in phishing emails. If something looks off, flag it.

Look before clicking

Hover over hyperlinks in genuine-sounding content to inspect the link address.

Read the salutation

If the email is addressed to “Valued Customer” instead of to you, be wary. It’s likely fraudulent.

Review the signature

Check for contact information in the email footer. Legitimate senders always include them.

Beware of threats

Fear-based phrases like “Your account has been suspended” are prevalent in phishing emails.

Enter the simulation

Phishing is an endpoint problem, not a credential problem.

Provided by Python's Vanguard, is a phishing simulation that you may walk through entering unsenstive information experiencing what it would be like to "click the link" that your IT department always tells you not. Exercise caution as you would any site and avoid entering personal information.