What Is Phishing? Types, Examples & How to Stop It (2026)
June 5, 2001 · by Pentevo
Phishing is a social-engineering attack where someone impersonates a trusted source to trick you into revealing information (passwords, card numbers) or taking an action (clicking a link, opening an attachment, approving a payment). It's the #1 way breaches start — because it targets people, not just systems.
How it works
The attacker creates a sense of trust + urgency: an email that looks like it's from your bank, IT department, or CEO, pushing you to act fast before you think. One click on a fake login page, and your credentials are theirs.
The main types
- Email phishing — mass, generic lures.
- Spear phishing — targeted at a specific person, using real details about them.
- Whaling — spear phishing aimed at executives.
- Smishing / Vishing — phishing by SMS / voice call.
- Business Email Compromise (BEC) — impersonating a colleague or vendor to redirect payments. Extremely costly.
Red flags to spot
- Urgency or threats ("your account will be closed in 24 hours").
- Mismatched sender / link — hover before you click; check the real domain.
- Unexpected attachments or login requests.
- Generic greetings and small spelling/grammar tells.
- Requests for credentials, codes, or payments — legitimate orgs rarely ask this way.
When in doubt, verify through a separate channel (call the company using a number you already trust — not one in the message).
How to defend (individuals)
- Turn on MFA everywhere — even if a password is phished, the attacker is often blocked.
- Use a password manager — it won't autofill on a fake domain, which is a great built-in warning.
- Slow down. Phishing relies on you reacting fast.
How to defend (organizations)
- Email security (filtering, DMARC/DKIM/SPF), MFA, and least privilege.
- Security awareness training + simulated phishing tests.
- Reporting culture — make it easy and blame-free to report a suspicious message.
Phishing is often step one of ransomware and data breaches. Understanding the attacker's playbook is the best defense — learn it free at the Pentevo Academy.
Related reading
Data Breach: What It Is and What to Do (2026)
What counts as a data breach, the immediate steps to take if you're affected, and how individuals and companies can reduce the damage.
ThreatsWhat Is Malware? Types, Signs & Protection (2026)
A clear guide to malware — the main types (viruses, worms, trojans, ransomware, spyware), how it spreads, warning signs, and how to stay protected.
ThreatsRansomware Explained: How It Works and How to Defend (2026)
What ransomware is, how an attack unfolds, why paying is risky, and the practical defenses that actually stop it — explained in plain English.
Practice this hands-on
Pentevo Academy turns these concepts into guided lessons, videos and quizzes — free.
Start learning free