What is email phishing?

Email phishing uses deceptive messages to steal information or enable fraud. Attackers impersonate trusted entities, create urgency, and direct recipients toward harmful actions: entering credentials, transferring money, or installing malware.

Phishing success depends on deception, not technical exploitation. Messages appear legitimate through brand mimicry, familiar language, and plausible scenarios. Victims act because they believe the message is genuine.

Impact includes: stolen credentials enabling account takeover, financial losses from fraudulent transfers, data breaches from malware installation, and organizational damage from compromised systems. Phishing is the entry point for most significant breaches.