Phishing is a type of social engineering where an attacker sends a fraudulent (e.g., spoofed, fake, or otherwise deceptive) message designed to trick a person into revealing sensitive information to the attacker or to deploy malicious software on the victim's infrastructure like ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim.121 As of 2020, phishing is by far the most common attack performed by Cybercriminals, the FBI's Internet Crime Complaint Centre recording over twice as many incidents of phishing than any other type of computer crime.
An example of a phishing email, disguised as an official email from a (fictional) bank. The sender is attempting to trick the recipient into revealing confidential information by "confirming" it at the phisher's website. Note the misspelling of the words received and discrepancy as recieved and discrepency, respectively.
The first recorded use of the term "phishing" was in the cracking toolkit AOHell created by Koceilah Rekouche in 1995 however, it is possible that the term was used before this in a print edition of the hacker magazine 2600, The word is a leetspeak variant of fishing, probably influenced by phreaking, and alludes to the use of increasingly sophisticated lures to "fish" for users' sensitive information.
Attempts to prevent or mitigate the impact of phishing incidents include legislation, user training, public awareness, and technical security measures. Phishing awareness has become important at home and at the work place. For instance, from 2017 to 2020, phishing attacks have increased from 72% to 86% among businesses.
