To stop phishing attacks on your site, follow these steps:

1. **Enable HTTPS** ? Use an SSL certificate to encrypt data.
2. **Use Security Plugins** ? If you're using WordPress, install plugins like Wordfence or Sucuri.
3. **Enable Multi-Factor Authentication (MFA)** ? Protect admin accounts with 2FA.
4. **Monitor and Scan for Malware** ? Use tools like Google Search Console, Sucuri, or SiteLock.
5. **Update Software Regularly** ? Keep CMS, themes, and plugins updated.
6. **Use a Web Application Firewall (WAF)** ? Services like Cloudflare or Sucuri can help block attacks.
7. **Check for Phishing Pages** ? Search Google for `"site:yourdomain.com"` to see if attackers have added fake pages.
8. **Report and Takedown Fake Pages** ? If someone is impersonating your site, report it to Google Safe Browsing.

Would you like specific recommendations based on your hosting provider?