what is phishing

Phishing is a type of cybercrime where attackers deceive people into revealing sensitive information or installing malware such as ransomware. The attackers often pose as a legitimate institution or person through email, telephone, or text message to lure individuals into providing sensitive data. Phishing attacks are often delivered via email spam and can be either bulk attacks or targeted attacks known as spear phishing. Bulk attacks are sent in bulk to a wide audience, while spear phishing uses personalized emails to trick a specific individual or organization into believing they are legitimate. The goal of the attacker can vary, with common targets including financial institutions, email and cloud productivity providers, and streaming services. Phishing works by luring a victim with legitimate-looking (but fraudulent) emails or other communication from a trusted sender who coaxes victims into providing confidential information, often on what looks to be a convincingly legitimate website. Phishing emails and text messages often tell a story to trick the victim into clicking on a link or opening an attachment, which can extract login credentials, account numbers, and other personal information from victims.