What is a phishing attack?
Phishing is a form of fraud in which the attacker tries to steal sensitive information such as usernames, passwords, and credit card details. The word is a neologism created as a homophone of "fishing", because both use bait in an attempt to catch a victim. The most common type of phishing scam, deceptive phishing, refers to any attack in which fraudsters impersonate a legitimate company and attempt to steal people's personal information or login credentials.
Communications purporting to be from social web sites, auction sites, banks, online payment processors or IT administrators are often used to lure victims. Typically a victim receives a message that appears to have been sent by a known contact or organization. An attachment or links in the message may install malware on the user's device or direct them to a malicious website set up to trick them into divulging personal and financial information, such as passwords, account IDs or credit card details.
For example, PayPal scammers might send out an attack email that instructs recipients to click on a link in order to rectify a discrepancy with their account. In actuality, the link leads to a fake PayPal login page that collects a user's login credentials and delivers them to the attackers.