API Marketplace

Solutions

Resources

Our Company

Book a Demo

← Back to Glossary

Phishing

Overview

Phishing is a social-engineering attack that tricks users into revealing credentials, OTPs, or sensitive data via deceptive emails, sites, calls, or SMS. Variants include spear-phishing (targeted), business email compromise (BEC), smishing (SMS), and vishing (voice). In finance, phishing drives account takeover, payment fraud, and internal breaches.

Controls include passkeys/MFA, DMARC/SPF/DKIM, secure email gateways, URL detonation, and continuous user training/simulations. Incident response should cover rapid credential revocation, session invalidation, and forensic review. From a compliance lens, phishing impacts customer protection, data privacy, and operational resilience obligations.

Stay ahead of risk with Signzy

Explore tools that help you onboard, monitor, and verify with confidence

Biometric Verification

Authenticate users with facial, fingerprint, and liveness biometrics powered by AI to prevent identity spoofing and fraud.

Transaction Monitoring

Monitor transactions in real-time and analyse past behaviour to identify suspicious activities and ensure regulatory compliance across the user journey.

Database Verification

Instantly verify user information by connecting to trusted databases across jurisdictions for accurate, compliant, and faster onboarding.

Related Terms

Account Takeover (ATO)

One-Time Password (OTP)

WebAuthn

FAQ

What are the main types of phishing?

Email phishing, spear phishing, smishing (SMS), vishing (voice), and clone/fake websites.

Why are passwords vulnerable?

Phished passwords can be reused, replayed, or sold. Stronger alternatives like passkeys avoid this risk.

How can users protect themselves?

Verify URLs, avoid clicking unknown links, enable MFA, and use phishing-resistant credentials.

What role does training play?

User awareness is critical, as human error often opens the door to phishing compromises.