A type of social engineering attack where attackers impersonate legitimate organizations to steal sensitive information such as usernames, passwords, and credit card details.
Phishing attacks often come via email, text, or voice calls and are designed to look like they come from reputable sources. They're a common way to compromise insider credentials, leading to unauthorized access and potential insider threats. Modern phishing includes spear phishing (targeted) and whaling (targeting executives).