Security glossary
What is a phishing campaign?
A phishing campaign is a coordinated wave of scam messages built around one story, like refunds, invoices, or security alerts.
Last reviewed: 2026-05-23
In plain English
Campaigns are broader than one message. Attackers test different subject lines, senders, and channels until people click.
After a public breach, campaigns often copy the breach theme so the message feels believable.
Payment-themed phishing campaigns are common after ticketing, travel, and retail incidents.
Real-world example
You receive three messages in two days about a 'failed refund': one email, one SMS, and one fake support DM.
What you should do
- Assume repeated urgent messages are part of one coordinated scam.
- Verify requests from inside your account portal, not from message links.
- Report scam messages and block sender domains/numbers.
Related terms
What is phishing?
Phishing is when attackers pretend to be trusted brands or people to trick you into giving passwords, codes, or payment details.
What is smishing (SMS phishing)?
Smishing is phishing through text messages, usually using fake delivery, banking, or refund alerts.
What is spear phishing?
Spear phishing is targeted phishing aimed at a specific person, team, or role using tailored details.