Phishing is a cyberattack that relies on social engineering to try to steal valid login credentials from unsuspecting users, in order to carry out illicit activity.
The user is then fooled into entering authentication credentials, as they assume that they are (for example) logging into a familiar account that they regularly use. In fact, upon entry the credentials are delivered instead to the attacker, who is then free to reuse them to enter the user's actual account, or any other accounts on which the user has selected the same username and password.
Most phishing today occurs by email, and takes the form of a warning, entreaty, or other call to action along with a link to a false copy of a familiar website.
