Phishing is the world's most widespread cyberattack. In 2024, over 3.4 billion phishing emails are sent every day. Despite growing awareness, many internet users still fall for them. Here's how to protect yourself effectively.
What Is Phishing?
Phishing is a fraudulent technique that aims to make you reveal sensitive information (passwords, credit card numbers, personal data) by impersonating a trusted entity (bank, government agency, social network, etc.).
The term comes from "fishing": cybercriminals cast many hooks hoping some will "bite."
Types of Phishing
Classic Email Phishing
The most common. You receive an email that appears to come from your bank, PayPal, Amazon, or a government service. The email asks you to click a link to "verify your account," "secure your access," or "receive a refund."
The link leads to a fake website, identical to the original, that captures your credentials.
Warning signs:
- The sender's email address looks strange (e.g., support@amazon-secure-account.com)
- The email creates artificial urgency ("Your account will be locked in 24 hours")
- Spelling mistakes or awkward phrasing
- The link URL doesn't match the official site
Spear Phishing
Unlike mass phishing, spear phishing is targeted. Attackers have previously collected information about you (name, employer, contacts) to make the email more credible.
Example: you receive an email from someone presenting themselves as your colleague asking for an urgent transfer.
Smishing (SMS)
Phishing by text message. You receive a message asking you to click a link to track a package, pay a fine, or access a voicemail.
Vishing (Phone Call)
"Technical support agents" call claiming your computer is infected or your bank account has been hacked. They ask for remote access to your screen or sensitive information.
Quishing (QR Codes)
Increasingly common, quishing uses fraudulent QR codes (in emails, on posters, in parking lots) that lead to phishing sites.
How to Recognize a Phishing Email
Check the Sender Carefully
The displayed email address can be misleading. Look at the actual domain:
- contact@apple.com → legitimate
- contact@apple-support.helpdesk.com → phishing
Analyze the Link Before Clicking
Hover your mouse over the link (without clicking) to see the real URL in your browser's status bar. If the URL doesn't match the official site, don't go there.
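Both checks above, the sender's domain and a link's target, come down to the same comparison: which domain was actually registered? The Python sketch below is an added example, not part of the original article. Its helper names, the short suffix set, and the `.example` link are assumptions constructed for illustration.

```python
from email.utils import parseaddr
from urllib.parse import urlsplit

# Assumption: a tiny sample of two-label public suffixes. Real tooling
# should consult the full Public Suffix List instead.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp"}


def registrable_domain(host: str) -> str:
    """Return the part of a hostname that someone actually registered."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def host_of(value: str) -> str:
    """Extract the hostname from a From header, bare address, or URL."""
    if "://" in value:
        return urlsplit(value).hostname or ""
    # parseaddr drops the display name, which the sender fully controls.
    _display_name, address = parseaddr(value)
    return address.rpartition("@")[2]


def matches_official(value: str, official_domain: str) -> bool:
    """True only if the value's registrable domain is the official one."""
    return registrable_domain(host_of(value)) == official_domain.lower()


# Constructed samples, built from the addresses quoted in this article.
SAMPLES = [
    ("contact@apple.com", "apple.com"),
    ("Apple Support <contact@apple-support.helpdesk.com>", "apple.com"),
    ("support@amazon-secure-account.com", "amazon.com"),
    ("https://support.apple.com/account", "apple.com"),
    ("https://apple.com.account-verify.example/login", "apple.com"),
]

if __name__ == "__main__":
    for value, official in SAMPLES:
        verdict = "matches" if matches_official(value, official) else "DOES NOT match"
        print(f"{value!r}: {registrable_domain(host_of(value))} {verdict} {official}")
```

A brand name that appears in a subdomain or as part of a hyphenated name does not change the registrable domain, which is why only the first and fourth samples match.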
Be Wary of Artificial Urgency
Real organizations never ask you to act "immediately" or risk losing your account. This is a classic technique to bypass your critical thinking.
Verify Directly on the Official Site
If you're unsure about an email from your bank, don't use the provided link. Open a new tab and type your bank's address directly.
5 Effective Protection Measures
- Enable two-factor authentication on all important accounts. Even if your credentials are stolen, 2FA prevents access.
- Use a password manager. These tools only autofill forms on real sites — they won't be fooled by a fake site.
- Check SSL certificates: a padlock in the address bar indicates an encrypted connection, but not that the site is legitimate. Also verify the domain name.
- Update your antivirus software and enable your browser's anti-phishing filtering (Chrome and Firefox block many known sites).
- Educate those around you: phishing exploits trust and haste. Talk to your loved ones, especially elderly people who are frequently targeted.
What to Do If You've Been Phished
- Immediately change your password on the affected service
- Enable 2FA if not already done
- Contact your bank if financial information was shared
- Report the phishing to your national cybersecurity authority
- Monitor your accounts for suspicious activity
Protecting Your Sensitive Data
Protecting your online access is the first step. But for your most sensitive information — what you want to pass on to loved ones in an emergency — an additional level of protection is needed.
EchoPass stores your information with end-to-end encryption and a zero-knowledge architecture that ensures even an attack on our servers wouldn't compromise your data.