What is phishing
Last updated: April 1, 2026
Key Facts
- Phishing emails often impersonate legitimate companies like banks, PayPal, Apple, or government agencies
- Attackers use phishing to steal login credentials, financial information, or install malware on victims' devices
- Red flags include suspicious sender addresses, urgent language, spelling errors, and requests for sensitive information
- Businesses and individuals lose billions of dollars annually to phishing attacks
- Multi-factor authentication and email security training are effective defenses against phishing
What is Phishing?
Phishing is a type of social engineering attack used by cybercriminals to obtain sensitive personal and financial information. Attackers send fraudulent communications that appear to come from trusted sources, tricking recipients into clicking malicious links or downloading harmful attachments. The term 'phishing' comes from fishing, as attackers 'cast a line' hoping unsuspecting users will bite. Unlike hacking, which exploits technical vulnerabilities, phishing exploits human psychology and trust.
How Phishing Attacks Work
A typical phishing attack begins with a fraudulent email designed to mimic a legitimate company. The message may claim your account needs verification, there's an urgent security issue, or you've won a prize. Links in the email direct to fake websites that closely resemble the real ones. When victims enter their credentials or personal information on these counterfeit sites, attackers capture the data. Some phishing emails contain malware attachments that, when opened, install software to steal information or lock files for ransom.
Types of Phishing
Phishing takes various forms to maximize success rates. Spear phishing targets specific individuals with personalized information making messages more convincing. Whaling targets high-level executives with large access privileges. Smishing uses SMS text messages instead of email. Vishing uses phone calls where attackers pose as customer service representatives. Clone phishing duplicates legitimate emails but with malicious links substituted. Business Email Compromise (BEC) impersonates company executives to authorize fraudulent wire transfers.
Warning Signs and Prevention
Users should watch for suspicious sender addresses, generic greetings, spelling mistakes, and urgent requests for sensitive information. Hover over links to see the actual URL before clicking. Legitimate companies never request passwords via email. Enable multi-factor authentication for important accounts, which prevents unauthorized access even if passwords are compromised. Keep software updated and use antivirus protection. Organizations should provide employee security training and implement email filtering to block phishing attempts.
Related Questions
How can I tell if an email is phishing?
Check for suspicious sender addresses, generic greetings, urgent language, poor grammar, requests for sensitive information, and suspicious links. Legitimate companies never ask for passwords via email, and their sender addresses use official domain names.
What should I do if I receive a phishing email?
Don't click any links or download attachments. Report it to your email provider and the company being impersonated. Delete the email. If you already entered information, change your passwords immediately and monitor your accounts for suspicious activity.
What is the difference between phishing and spam?
Spam is unsolicited bulk email (usually advertisements) that's annoying but not malicious. Phishing is a targeted attack designed to deceive you into revealing sensitive information or infecting your device with malware.
More What Is in Daily Life
- What Is a Credit ScoreA credit score is a three-digit number, typically ranging from 300 to 850, that represents your cred…
- What Is CD rates make no sense based on length of time invested. Explain like I'm 5CD (Certificate of Deposit) rates often don't increase with longer lock-up times the way people expe…
- What is a phdA PhD (Doctor of Philosophy) is a doctoral degree earned after completing advanced academic research…
- What is a polymathA polymath is a person with deep knowledge and expertise across multiple different fields or academi…
- What is aaveAAVE stands for African American Vernacular English, a dialect with distinct grammar, pronunciation,…
- What is aarch64ARMv8-A (commonly called ARM64 or AArch64) is a 64-bit processor architecture developed by ARM Holdi…
- What is about menTopics and discussions about men typically encompass masculinity, male identity, gender roles, men's…
- What is abiturAbitur is the German academic qualification awarded upon completion of secondary education, typicall…
- What is abrosexualAbrosexual is a sexual orientation identity where a person's sexual attraction changes or fluctuates…
- What is abgABG is an Indonesian acronym standing for 'Anak Baru Gede,' which refers to adolescent girls or teen…
- What is aaaAAA batteries are a standard cylindrical battery size measuring 10.5mm in diameter and 44.5mm in len…
- What is aacAAC (Advanced Audio Codec) is a digital audio compression format that provides better sound quality …
- What is aaa gameAAA games are high-budget video games developed by large studios with budgets typically exceeding $1…
- What is a proxyA proxy is a server that acts as an intermediary between your device and the internet, forwarding yo…
- What is ableismAbleism is discrimination and prejudice against people with disabilities based on the assumption tha…
- What is absAbs, short for abdominal muscles, are the muscles in your core that flex your spine and stabilize yo…
- What is abortionAbortion is a medical procedure that ends pregnancy by removing the fetus before viability. It can b…
- What is accutaneAccutane (isotretinoin) is a powerful prescription medication derived from vitamin A used to treat s…
- What is acetaminophenAcetaminophen, also known as paracetamol, is an over-the-counter pain reliever and fever reducer use…
- What is acidAcid is a chemical substance that donates protons (hydrogen ions) to other substances, characterized…
Also in Daily Life
- How To Save Money
- Why are so many white supremacist and right wings grifters not white
- Does "I'm 20 out" mean youre 20 minutes away from where you left, or youre 20 minutes away from your destination
- Why are so many men convinced that they are ugly
- What does awol mean
- What does asl mean
- What does ad mean
- What does asap mean
- What does apex mean
- What does asmr stand for
- What does atp mean
- What causes autism
- What does abg mean
- What does am and pm mean
- What does a fox sound like
More "What Is" Questions
Trending on WhatAnswer
Browse by Topic
Browse by Question Type
Sources
- Wikipedia - Phishing CC-BY-SA-4.0
- CISA - Phishing Public Domain