• English
    • Français
    • Deutsch
    • 日本語
    • Español
    • Svenska
  • Contact sales
  • Reseller locator
  • English English English en
  • Français Français French fr
  • Deutsch Deutsch German de
  • 日本語 日本語 Japanese ja
  • Español Español Spanish es
  • Svenska Svenska Swedish sv
Yubico
  • Why Yubico
    • For business
    • For individuals
    • For developers
  • Products
    • YubiKeys
    • YubiHSM
    • YubiEnterprise services
    • Services & software
    • Works with YubiKey
    • Find the right YubiKey
  • Solutions
    • Use Cases
      • Remote Workers
      • Passwordless
      • Microsoft 365
      • MFA modernization
      • Account takeovers
      • Compliance
      • Privileged users
      • Mobile restricted environments
      • Call centers
      • Secure password managers
    • Industries
      • Technology
      • Financial services
      • Cryptocurrency
      • Retail
      • Federal Government
      • State and Local Government
      • Elections and Political Campaigns
      • Education
      • Healthcare
  • Resources
    • Getting Started
    • COVID-19 Resources
    • White papers
    • Webinars
    • Product briefs
    • Case studies
    • Infographics
    • Yubico blog
    • Authentication standards
    • Videos
    • Developer program
    • Cybersecurity Glossary
  • Company
    • About us
    • The team
    • Innovation history
    • Careers & culture
    • Press room
    • Contact us
    • Partners
    • Events
    • Our customers
    • Free Speech program
    • Affiliate program
  • Support
    • Support services
    • Professional Services
    • Set up your YubiKey
    • Help
    • Documentation
    • Downloads
    • Buying and shipping
    • Security advisories
  • 
      • X
        Quick Links
        Find the Right YubiKey Set Up Your YubiKey Contact Us
        Knowledge Base
      • Search Yubico
  • Search
Store
what is phishing?

What is phishing?

Phishing is the art of tricking people into revealing personal information. Usernames, passwords, and credit card numbers are often targeted for phishing attacks, with the intent of taking over user accounts. 59% of phishing attacks are financially motivated.

Share     

Phishing by the numbers

39 seconds

Average time between cyber attacks

3,809,488

Records stolen every day from breaches

$100 billion

Total cost globally for cyber crime

Can you spot a phishing email?

Have you ever received an email that looked suspicious? Maybe an email asking you to verify your account, threatening to cut-off a service, or asking you to send money? If yes, then you are not alone. 97% of people are unable to identify a phishing email.

Learn how to identify one here

Common features of phishing emails

Too good to be true

Lucrative offers and eye-catching or attention-grabbing statements are designed to attract people’s attention.

Sense of urgency

A favorite tactic amongst cybercriminals is to ask you to act fast because the offers are only for a limited time.

Hyperlinks

A link may not be all it appears to be. Hovering over a link shows you the actual URL where you will be directed.

Attachments

If you see an attachment in an email you were not expecting or that does not make sense, don’t open it!

Unusual sender

If anything seems out of the ordinary, unexpected or out of character, do not click or open an attachment.

Spoofing

Even if it looks exactly like a site you’ve been to before, it might be a malicious duplicate – especially if you’ve clicked a link to get there.

How phishing works

1. Cybercriminals plan

Cybercriminals choose attack targets, usually based on services, demographics, or any number of factors.

They create methods for tricking users into providing information they want to steal. They may use text messages, emails, and identical looking websites to trick users.

2. Attack begins

Successful phishing attacks use real information, seem like they’re coming from a real person or business, and create a sense of urgency to entice users to click.

The most successful attacks focus on tricking the user into sharing information for a delivery or signing into an account.

3. Tricked user logs in

Once users click on a link, they’re often directed to a fake website that looks identical to the real one – even the URL looks the same.

Once users enter their credentials on the fake site, cybercriminals immediately login to the real website with the username and password the user was just tricked into revealing.

4. Credentials stolen

Now the users’ credentials have been stolen, and are used to take over accounts. Attackers then use this information to commit fraud, hold information ransom, with the goal of financial gain.

Proven protection in the most challenging environments

“We have had no reported or confirmed account takeovers since implementing security keys at Google.”

The YubiKey protects you

Physical security is hard to beat

When you login using a YubiKey, you’re required to give your explicit consent by touching or tapping the YubiKey itself.

Making you personally a part of the secure login process raises the security bar significantly.

The YubiKey isn’t fooled

Even if you are tricked, the YubiKey isn’t fooled. The YubiKey binds the user login to the original website’s URL. Only the real site can authenticate with the key.

That means that while a user may be tricked into thinking a website is real, the YubiKey won’t reveal your credentials.

Impersonation becomes harder

While, cybercriminals may get access to your username and password through phishing or data breaches, without the YubiKey they cannot login. Login requires the physical possession of the key.

By using the YubiKey, your presence becomes a critical part of the login process, significantly raising the security bar.

Hardware is better than text

Text messages used to verify your identity or reset your password can be intercepted by cybercriminals. The YubiKey cannot be intercepted remotely, since it is a physical key, just like your house key.

By using the YubiKey and its hardware-based authentication to prove it’s you, not even cybercriminals with your credentials can mimic your physical presence to login.

Want to know more? How modern phishing defeats basic multi-factor authentication

YubiKey is trusted by the world’s leading companies

“We’ve raised the standard of security for our employees. The YubiKey works seamlessly for people in their day-to-day workflow here at Google.”

Read more

“Facebook is using the YubiKey for securing its own employees, and have made secure login with FIDO U2F and YubiKeys available for all Facebook users”

Read more
CERN Logo

“The YubiKey meets all our requirements thanks to its simplicity of use, its open algorithm and the available open-source software support.”

Read more

Phishing is on the rise

Phishing is on the rise with a 65% year over year increase in the number of phishing attacks. And, it works better than you think. Cybercriminals are getting better at slipping their phishing emails through spam filters and past anti-malware software. By using weak usernames and passwords, or vulnerable SMS-based two-factor authentication, users are vulnerable to account takeovers resulting from increasingly sophisticated phishing scams.

Find the right YubiKey
Take the quick Product Finder Quiz to find the right key for you or your business.
Let’s start
Get protected today
Browse our online store today and buy the right YubiKey for you.
Shop now
ponemon_b_f

The 2020 State of Password and Authentication Security Behaviors Report

Learn how prevalent phishing attacks have become and how password practices can help mitigate risks.

Download Report

Say hello to the YubiKey and defend against phishing

Contact Sales
Buy Online

Find
Take product finder quiz

Set up
Find set-up guides

Buy
Buy online
Contact sales
Find resellers

Stay connected
Sign up for email

RSS FeedTwitterLinkedInFacebookInstagramYoutubeGithub

Products
YubiKeys
YubiHSM
YubiEnterprise services
Services & software
Works with YubiKey
Find the right YubiKey

Why Yubico

For personal use
For businesses
For developers
Solutions
Remote Workers
Passwordless
Microsoft 365
Call centers
Cryptocurrency
Financial services
Federal Government
State & Local Government
More…
Resources
Getting Started
COVID-19 Resources
White papers
Webinars
Case studies
Product briefs
Infographics
Yubico blog
Authentication standards
Videos
Developer program
Company
About us
Trust in Yubico
The team
Innovation history
Careers & culture
Press room
Contact us
Partners
Events
Our customers
Affiliate program
Support
Support services
Professional Services
Set up your YubiKey
Knowledge base
Documentation
Downloads
Security advisories

Cookies Legal Trust Privacy Terms of Use

Yubico © 2021. All Rights Reserved.

We use cookies to ensure that you get the best experience on our site and to present relevant content and advertising. By browsing this site without restricting the use of cookies, you consent to our and third party use of cookies as set out in our Cookie Notice.
Accept Settings
Yubico Privacy and Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may have an effect on your browsing experience.
Necessary
Always Enabled

Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.

Uncategorized

Undefined cookies are those that are being analyzed and have not been classified into a category as yet.

Analytics

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.

Advertisement

Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.

Performance

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

Preferences

Preference cookies are used to store user preferences to provide content that is customized and convenient for the users, like the language of the website or the location of the visitor.

Functional

Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.

Save & Accept
Scroll to top