Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and traverses any additional security boundaries. Phishing remains the most prevalent type of cybercrime globally. While the Federal Bureau of Investigation's Internet Crime Complaint Center historically ranked it at the top, the threat has intensified significantly due to the integration of generative AI, which enables attackers to launch highly convincing, automated, and hyper-targeted phishing campaigns at an unprecedented scale.

The term "phishing" was first recorded in 1995 in the cracking toolkit AOHell, but may have been used earlier in the hacker magazine 2600. It is a variation of fishing and refers to the use of lures to "fish" for sensitive information.

Measures to prevent or reduce the impact of phishing attacks include legislation, user education, public awareness, and technical security measures. The importance of phishing awareness has increased in both personal and professional settings, with phishing attacks among businesses rising from 72% in 2017 to 86% in 2020, and reaching to 94% in 2023.

Phishing techniques and vectors include email spam, vishing (voice phishing), targeted phishing (spear phishing, whaling), smishing (SMS), quishing (QR code), cross-site scripting, and MiTM 2FA attacks.

Research literature identifies phishing as a persistent and evolving cybersecurity threat, with attacks increasingly incorporating advanced techniques such as automation and machine learning.