Term: Phishing

Phishing is the attempt to trick you via email by pretending to be a person or organization you trust, in order to get you to do something that exposes your personal or confidential information or your account credentials.

The most common examples of phishing emails are carefully crafted to appear as if they had come from a banking institution, directing the recipient to a website which itself looks very much like the bank’s official website. The catch is that the email is not from the actual bank, and the website is a forgery. By fooling the visitor into thinking that the site is legitimate, the phishers obtain that person’s login credentials the moment they attempt to log in to the fake site.

Some very crude yet surprisingly successful phishing attempts don’t use websites at all, but simply present themselves as a major online service in the email itself. The email asks the recipient to reply with account information, often including username and password, for some made-up yet important-sounding reason.

Phishing (Wikipedia)
Image caption: An example of a phishing email, disguised as an official email from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words "received" and "discrepancy" as "recieved" and "discrepency", respectively.

Phishing is a type of social engineering in which an attacker sends a fraudulent ("spoofed") message designed to trick a human victim into revealing sensitive information to the attacker, or into deploying malicious software such as ransomware on the victim's infrastructure. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything the victim does while navigating the site and to traverse any additional security boundaries together with the victim. As of 2020, phishing is by far the most common attack performed by cyber-criminals, with the FBI's Internet Crime Complaint Center recording over twice as many incidents of phishing as of any other type of computer crime.

The first recorded use of the term "phishing" was in the cracking toolkit AOHell, created by Koceilah Rekouche in 1995; however, it is possible that the term was used before this in a print edition of the hacker magazine 2600. The word is a leetspeak variant of "fishing" ("ph" is a common replacement for "f"), probably influenced by "phreaking", and alludes to the use of increasingly sophisticated lures to "fish" for users' sensitive information.

Attempts to prevent or mitigate the impact of phishing incidents include legislation, user training, public awareness, and technical security measures.