What is a phishing attack?
Phishing ↗ is an attempt to steal sensitive data, typically in the form of usernames, passwords, or other important account information. The phisher either uses the stolen information themselves (for instance, to take over the user's accounts with their password), or sells the stolen information.
Phishing attackers disguise themselves as a reputable source. With an enticing or seemingly urgent request, an attacker lures the victim into providing information, just as a person uses bait while fishing.
Phishing often takes place over email. Phishers either try to trick people into emailing information directly, or link to a webpage they control that is designed to look legitimate (for instance, a fake login page where the victim enters their password).