What are the main types of phishing?

Email phishing, spear phishing, smishing (SMS), vishing (voice), and clone/fake websites.

Why are passwords vulnerable?

Phished passwords can be reused, replayed, or sold. Stronger alternatives like passkeys avoid this risk.

How can users protect themselves?

Verify URLs, avoid clicking unknown links, enable MFA, and use phishing-resistant credentials.

What role does training play?

User awareness is critical, as human error often opens the door to phishing compromises.

← Back to Glossary

Phishing

Overview

Phishing is a social-engineering attack that tricks users into revealing credentials, OTPs, or sensitive data via deceptive emails, sites, calls, or SMS. Variants include spear-phishing (targeted), business email compromise (BEC), smishing (SMS), and vishing (voice). In finance, phishing drives account takeover, payment fraud, and internal breaches.

Controls include passkeys/MFA, DMARC/SPF/DKIM, secure email gateways, URL detonation, and continuous user training/simulations. Incident response should cover rapid credential revocation, session invalidation, and forensic review. From a compliance lens, phishing impacts customer protection, data privacy, and operational resilience obligations.

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Biometric Verification

Authenticate users securely using facial, fingerprint, or liveness biometrics powered by AI. Prevent identity spoofing and stay compliant.

Transaction Monitoring

Real-time transaction monitoring and analysis to identify suspicious activities and ensure regulatory compliance across all financial operations.

Database Verification

Verify user information instantly by connecting to trusted databases across jurisdictions. Ensure accuracy, compliance, and faster onboarding with real-time data checks.