Phishing

Phishing is a type of cyberattack where criminals attempt to trick individuals into revealing sensitive information — such as passwords, credit card numbers, or personal details — by disguising themselves as trustworthy entities. Attackers usually deliver phishing attempts via email, text messages, phone calls, or fake websites designed to look like legitimate services. The term comes from “fishing,” as attackers “bait” victims into giving up valuable information. Phishing is one of the most widespread and dangerous threats in cybersecurity, often serving as the first step in larger attacks such as identity theft, financial fraud, or corporate breaches.

How it works

  1. Deception → Attackers craft convincing messages that appear to come from trusted organizations (banks, cloud services, social media platforms).
  2. Bait → The victim is lured into clicking a link, downloading a file, or providing personal data.
  3. Harvesting → The attacker collects credentials or payment data, or installs malware on the victim’s device.
  4. Exploitation → Stolen information is used for unauthorized account access or fraud, or is sold on the dark web.

Why it matters

Phishing is responsible for a significant portion of global cyber incidents. Even the most advanced security tools can be bypassed if a user is tricked into willingly handing over information. Organizations and individuals must remain vigilant, as phishing targets human behavior rather than technical vulnerabilities.

Examples

  • An email pretending to be from PayPal asking a user to “verify their account.”
  • Fake SMS messages (smishing) claiming to be from a delivery company with a malicious link.
  • Spear phishing attacks targeting company executives with tailored emails to steal login credentials.