Phishing attacks

In a phishing attack, scammers send emails or texts pretending to be from a trusted source, like PayPal or Amazon. They use urgent language to scare you into clicking links and providing your login information. To avoid falling for these scams, always verify email addresses and URLs before taking any action. Stay skeptical and cautious when dealing with suspicious messages. Created by Sal Khan.

Discussion

  • Wings of Fire Fan
    My sister noticed that the email from which this was sent is misspelled (epaiypal instead of epaypal). Is this also a clue that it is a phishing attack?
    (14 votes)
  • Alex Yang
    Let's assume I just got a phishing email from PayPal which asks me to click on the login link to secure my account. If I accidentally click on the login link, is there any harm in just clicking the link? Will my IP address get exposed?
    (7 votes)
    • Krake
      While in many cases these phishing email links just lead to simple web forms designed to trick you into revealing personal information, many phishing links do link to sites containing malware that can infect your device.

      Even if there's no 'malware' per se, they could still be abusing legitimate technologies like cookies to track your activity across the web - those technologies won't allow them to do things like steal your passwords by recording your keystrokes, but they could allow bad actors to collect more info on you which they can use to improve the quality of future phishing attacks or to try to guess your passwords.

      Also, any website you visit can see your IP address. Someone simply knowing your IP address isn't necessarily a big deal, but it is better if cybercriminals don't know it.

      There's not much harm in opening the email, but it's not a good idea to click on links in suspected phishing emails. Also definitely not a good idea to click on attachments in those sorts of emails.

      There are ways to investigate weird links and suspicious files, but doing so in a reasonably safe manner takes knowing your way around a few different tools and a good knowledge of how computers and the internet work.

      However, YouTube is a great place to see some of this in action, from old-school Windows 95 virus demonstrations to exhaustive analysis of recent ransomware threats. Just remember that malware analysis is kind of like digital demolitions testing; you definitely don't want to mess with it if you aren't really sure what you are doing.
      (1 vote)
  • Andrei
    I heard that it is possible to use Cyrillic characters in a domain name. Besides, you never know what the legit address is; scammers can have a domain that seems VERY legit, with no spelling mistakes whatsoever, except that it is called some weird combination of something.paypal.something.com, and it might very well be some legit email from PayPal.

    Could someone please tell me how to ACTUALLY check if a domain is legit? Every person on YT and everywhere just says: oh yeah, all you have to do is check if the domain is real, but they never address the 1000 corner cases that make it impossible to do for the average user.

    If someone knows a database of ALL legit emails/domains for all the major websites that can make sure no Cyrillic characters are in use, and the other multitude of ways you can make a website look very legitimate, please put it here.

    Also, the part about Google having the world's best security: Google was literally displaying fake ads for OBS and VLC recently (ads linked to fake websites with malicious downloads). And it's not like they can't modify the official Wikipedia link, so there is no way to check; there is no service you can really, really trust. How do you trust anything after that?
    (2 votes)
    • Evan Lewis
      One easy option is to use a difference checker tool (there are lots of these online for free). With this tool, you can copy and paste the email address/domain into one side of the difference checker, and then type what you expect the email/domain to be on the other side. If there are any special characters or differences, the tool will be able to detect and highlight these.
      (1 vote)
  • hope eleayayh
    I always call my bank before I do anything, just to confirm. Sorry for my spelling.
    (1 vote)
  • Claire S.
    Do email accounts usually block phishing accounts automatically? I think mine puts everything with a suspicious link in the spam folder…
    (1 vote)
    • Evan Lewis
      Yes, most major email providers will automatically block emails from known scammers. A lot of these will not even make it to your account at all, including the spam folder.

      However, there are always some emails that slip through the scam filters, so it's important to always remain vigilant when clicking on email links!
      (0 votes)

Video transcript

- [Instructor] Let's say you get an email like this, where it looks like it is from PayPal. It says "Response required" really big, so this is a little bit scary. And it says, "Dear," you, "We emailed you a little while ago to ask you for your help resolving an issue with your PayPal account." This seems really serious. "Your account is still temporarily limited because we haven't heard from you. We noticed some unusual login activity with your account. Please check that no one has logged into your account without your permission." This is scary: "To help us with this and to see what you can and can't do with your account until the issue is resolved, log in to your account or go to the Resolution Center. As always, if you need help or have any questions, feel free to contact us. We're always here to help. Thank you for being a PayPal customer. Sincerely, PayPal."

What would you do in this situation? Well, I think for a lot of us, our emotional response is, hey, PayPal, some of my money is involved there. They're talking about other people maybe trying to log in. I definitely wanna resolve this. And just in the heat of the moment, you might click on this "log in," or you might go to the Resolution Center, and that might start you down a little bit of a scary path. Because even though this looks like PayPal, you really need to verify that it really is PayPal. And there are some clues here that make it clear that it is not PayPal. See if you can find those.

Well, the biggest clue is up here on the email address. So, it says service@intl.paypal.com as its name, but when you look at the actual email address right over here, notice it actually isn't a PayPal email address. It says @outlook.com. So, this is a pretty good clue that this is not from PayPal. And so, what is this? Well, this is known as a phishing attack. Why is it called a phishing attack? Well, I think it's probably based on the idea that when you're trying to catch fish, you dangle some bait for the fish and you see which fish are going to bite. And so, this isn't exactly fishing. They spelled the "Fuh" sound P-H because what they're really doing is they're dangling some bait in front of you and seeing if you're going to metaphorically get your cheek cut by the fish hook, or whatever happens to fish before they get pulled out.

And how would that happen metaphorically? Well, when you click on this, it probably goes to this phishy company or person's website. And that website might look like PayPal, but it's not going to be paypal.com. It's going to be some other web address. And so, one way to avoid doing that, beyond looking at that this is a phishy email address, is that in some browsers or in some email readers, you can scroll over this and you'll see what the website would be. Or you can right click on that. You could, say, copy the URL and you could put that in a text document to see what the actual URL is. And it's very likely that that is not going to be a PayPal URL. In fact, I would guarantee you in this case it would not be. It would look like PayPal when you get there, and what they'll probably try to get you to do is type in your username and password for your PayPal account. Why is that valuable for them? Well, you just would have then given them your username and password for your PayPal account, which then they could use to steal money from you or to do something else to you.

So, be very careful where you get these urgent emails or texts. I got a text recently saying, "Your Amazon account has been compromised. Click here fast in order to make sure that no more fraud happens on your account." Well, it turns out that the URL, the web address there, was not amazon.com. It was going to take me to a shady website, and that shady website looked a lot like Amazon. And so, if I acted really quickly, I would've given them my Amazon username and password.

So, be on the lookout for these phishing attacks, and the main way to catch them is to be skeptical of anything that's talking about fraud, about something that would scare you, and say, "Hey, do I really think this is happening?" And then, if you really think it might be happening, verify the email addresses, verify the web addresses, that they're really coming from who they say they're from. And it doesn't matter if the name is @somethingpaypal.com. You have to look at the actual email address, and it doesn't matter what it says here. It matters what the actual URL is that it clicks to, to make sure that it isn't fishy. No pun intended, or actually, that pun was intended.
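The checks the discussion above asks for (where a link really goes, Cyrillic lookalike letters, a character-by-character diff against the expected domain) and the video's point that the display name is not the sender address, as an added Python example that is not part of the Khan Academy page. The expected domain is an assumption supplied by the person checking; the sample addresses and URLs are constructed.

```python
import unicodedata
from email.utils import parseaddr
from urllib.parse import urlsplit

def registrable_domain(host: str) -> str:
    """Last two labels of a hostname: "something.paypal.something.com" -> "something.com".
    Simplifying assumption: multi-label public suffixes such as co.uk are ignored."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])

def foreign_chars(text: str) -> list[str]:
    """Non-ASCII characters with their Unicode names, e.g. a Cyrillic 'а' posing as Latin 'a'."""
    return [f"{c} ({unicodedata.name(c, 'UNKNOWN')})" for c in text if ord(c) > 127]

def char_diff(actual: str, expected: str) -> list[tuple[int, str, str]]:
    """Positions where two strings differ: what a 'difference checker' tool highlights."""
    width = max(len(actual), len(expected))
    return [(i, actual[i:i + 1], expected[i:i + 1])
            for i in range(width) if actual[i:i + 1] != expected[i:i + 1]]

def check_link(url: str, expected_domain: str) -> dict:
    """Where a link really goes: judge the registrable domain, not the whole URL."""
    host = (urlsplit(url).hostname or "").lower()
    try:
        punycode = host.encode("idna").decode("ascii")  # lookalike letters show up as xn--
    except UnicodeError:
        punycode = ""
    reg, odd = registrable_domain(host), foreign_chars(host)
    return {"host": host, "registrable": reg, "punycode": punycode, "foreign_chars": odd,
            "matches_expected": reg == expected_domain and not odd,
            "diff": char_diff(reg, expected_domain)}

def check_sender(from_header: str, expected_domain: str) -> dict:
    """The display name is free text; only the address inside <...> identifies the sender."""
    display, addr = parseaddr(from_header)
    addr_domain = registrable_domain(addr.rpartition("@")[2])
    return {"display_name": display, "address": addr, "address_domain": addr_domain,
            "display_looks_like_address": "@" in display,
            "matches_expected": addr_domain == expected_domain}

if __name__ == "__main__":
    # Constructed samples modelled on the video and the thread, not real messages.
    print(check_sender('"service@intl.paypal.com" <someone@outlook.com>', "paypal.com"))
    print(check_link("https://something.paypal.something.com/login", "paypal.com"))
    print(check_link("https://www.p\u0430ypal.com/signin", "paypal.com"))  # \u0430 = Cyrillic a
```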