What is email phishing?

Email **phishing** uses deceptive messages to steal information or enable fraud. Attackers impersonate trusted entities, create urgency, and direct recipients toward harmful actions: entering credentials, transferring money, or installing **malware**.

Phishing success depends on deception, not technical exploitation. Messages appear legitimate through brand mimicry, familiar language, and plausible scenarios. Victims act because they believe the message is genuine.

Impact includes: stolen credentials enabling **account takeover**, financial losses from fraudulent transfers, data breaches from **malware** installation, and organizational damage from compromised systems. Phishing is the entry point for most significant breaches.