Safety Instinct

Navigation


Articles · Phishing · 2 min read

What is phishing?

The name explains the whole crime. It's fishing — respelled by the hackers who invented it — and it always runs in the same four steps:

Illustration of a phishing email hooking login credentials
1

Bait

A name you trust

The message wears your bank's logo, a courier's colours, or a colleague's name. Bait only works if it looks familiar.

2

Hook

A reason to hurry

A suspended account, a missed parcel, a final warning. Urgency is the hook — it stops you from checking.

3

Catch

What you type and give away

The link lands on a fake page. The password, code, or card number you enter is the catch — reeled straight in.

4

Done

No hacking required

No malware, no broken code — just a believable message and a busy person. The password works, the money moves. That's phishing.

Everything phishing-shaped fits this frame — emails, texts, calls, DMs. Spot any one of the first three steps and step four never happens.

Also worth knowing

Illustration of fraudsters stealing banking credentials through a phishing message

Phishing · 4 min

How to spot phishing

Knowledge fades.

Unless it’s used.

That’s why we’ve built a game that teaches online safety. No jargon, made for normal people — and actually fun.

Game screen of the threat: Fraudsters Steal Your Banking Login via SMS
Game screen listing security habits that protect against digital threats

Free to try · No account needed