what is a phishing attack

Phishing is a type of social engineering attack where attackers deceive people into revealing sensitive information or installing malware such as ransomware. The goal of a phishing attack is to steal user data, including login credentials and credit card numbers. Phishing attacks are often delivered via email spam and can be either bulk attacks or targeted attacks. Bulk attacks are not targeted and are instead sent in bulk to a wide audience, while targeted attacks, also known as spear phishing, use personalized emails to trick a specific individual or organization into believing they are legitimate. These attacks often utilize personal information about the target to increase the chances of success and often target executives or those in financial departments with access to sensitive financial data and services. Phishing works by luring a victim with legitimate-looking (but fraudulent) emails or other communication from a trusted (or sometimes seemingly desperate) sender who coaxes victims into providing confidential information—often on what looks to be a convincingly legitimate website. Phishing attacks can be prevented by being cautious of unsolicited emails, not clicking on links or downloading attachments from unknown sources, and verifying the legitimacy of the sender and website.