Phishing

Phishing protection

Phishing wears your brand to trick your customers. The way to protect them is to remove the infrastructure behind the attack, the lookalike domains and fake pages, before it reaches the inbox.

Take down a phishing page Get a free report

What phishing is

Phishing is a social-engineering attack that tricks people into handing over credentials, payment data, or other sensitive information by impersonating a trusted brand, person, or service. A typical campaign sends an urgent message that links to a lookalike page, the page captures whatever is entered, and the attacker uses it for fraud or account takeover.

It is brand impersonation operationalized for theft, which is why phishing protection sits inside brand impersonation protection. The page or message almost always borrows a real brand, and the domains and hosts behind it are exactly what monitoring and takedowns target.

Types of phishing to know

Phishing splits by channel and target. Each has its own short definition in the glossary.

Spear phishing

Targeted lures tailored to one person or team.

Smishing

Phishing delivered by SMS and messaging apps.

QR phishing (quishing)

Malicious links hidden inside QR codes.

Business email compromise

Fraud that impersonates an executive or vendor over email.

Email spoofing

Forged sender addresses, the basis for most phishing.

Domain spoofing

Faking a trusted domain in URLs or email.

Whaling

Phishing aimed at senior executives.

Vishing

Voice phishing over phone calls.

CEO fraud

A fake executive ordering an urgent payment.

DMARC

The email-authentication defence against spoofing.

Credential harvesting

Fake login pages that collect passwords at scale.

Reverse proxy phishing (AiTM)

Real-time relay attacks that defeat MFA.

Phishing kit

Ready-made packages for spinning up fake pages.

Clone phishing

A copied real email with the links swapped out.

How nebty protects your brand

We start where the attack lives. Our domain monitoring watches the lookalike space around your brand, so the domains used for phishing surface as they are registered, often before the first email goes out. When a phishing page is live, our takedown service removes it on demand and submits it to anti-phishing blocklists in parallel, so browsers warn users during the takedown window.

Takedowns run with no subscription, and you only pay for the ones that succeed. For the email side, our guides cover email spoofing, business email compromise, and QR phishing in depth.

Found a phishing page using your brand?

We take it down on demand, with no subscription and no fee unless it works. Or get a free report on the lookalike domains already targeting you.

Start a takedown