🛡 Phishing Awareness Quiz
Phishing Attack FAQs
A phishing attack is a fraudulent attempt to steal sensitive information, such as usernames, passwords, or financial details, by impersonating a trusted entity via email, SMS, or websites.
Look for poor grammar, urgent requests, suspicious links, unexpected attachments, and sender addresses that don’t match the official domain.
Immediately disconnect from the internet, run antivirus scans, change affected passwords, and monitor your accounts for unusual activity.
Enable two-factor authentication, verify senders before clicking links, avoid sharing sensitive information, and use security software.
Email phishing, spear phishing (targeted), smishing (SMS), vishing (voice calls), and pharming (fake websites).
Attackers send fake messages that impersonate banks and ask users to verify account details or passwords.
Spear phishing targets a specific individual or organization using personalized information to appear credible.
Forward it to the organization being impersonated, use your email provider’s "report phishing" option, or notify cybersecurity authorities.
Yes, attackers may send malicious links, fake friend requests, or scam messages to steal information.
Smishing is phishing conducted through SMS messages, often asking for account verification or personal details.
Vishing is phishing via phone calls, where attackers impersonate a trusted source to extract sensitive information.
Check the URL carefully, look for HTTPS and a lock symbol (these show only that the connection is encrypted, not that the site is genuine), and verify the site’s domain against official sources.
Use strong, unique passwords, enable two-factor authentication, and avoid clicking on unverified links or attachments.
Employees should recognize phishing signs, avoid opening suspicious attachments, report incidents immediately, and follow IT security guidelines.
Antivirus software, email security solutions, browser phishing filters, and security awareness training can all help detect and prevent phishing.