Anatomy of a Phishing Attack: Can You Spot the Fake?
Phishing remains the #1 cyber attack vector in 2026, responsible for over 80% of data breaches. The best defense? Learning to recognize the signs. This interactive guide lets you practice spotting phishing attempts in a safe environment.
How Phishing Works
Attackers impersonate trusted entities — banks, tech companies, colleagues — to trick you into revealing sensitive information. They use urgency, fear, and authority to bypass your critical thinking.
Common Red Flags
- Misspelled domains — paypa1.com instead of paypal.com
- Urgency language — "Your account will be suspended in 24 hours"
- Generic greetings — "Dear Customer" instead of your name
- Suspicious links — hover to see the real URL before clicking
- Unexpected attachments — especially .exe, .zip, .docm files
🎯 Interactive Challenge: Real or Fake?
Below are 11 examples of emails and URLs. Your task is to identify which ones are legitimate and which are phishing attempts. Click the appropriate button for each one.
How to Protect Yourself
- Always check the sender's domain — not just the display name
- Hover over links before clicking to verify the real URL
- Enable 2FA on all important accounts
- Use unique passwords for every account — generated with PassGen
- Never enter credentials after clicking an email link — navigate to the site directly
Pro tip: Combine a strong unique password (from PassGen) with two-factor authentication — even if you fall for phishing, attackers can't access your account.