What is phishing?

Phishing is **social engineering** attack using digital communication to deceive victims. While email is the primary channel, **phishing** also occurs via SMS (smishing), voice calls (vishing), and messaging apps. The technique predates digital communication.

The name derives from "fishing" for victims, using bait (deceptive messages) to hook targets. "Ph" spelling connects to early hacker culture (phone phreaking). The metaphor captures the technique: casting broadly, waiting for bites.

Phishing works because humans are the vulnerability. Technical defenses can be bypassed; trained attackers exploit trust, urgency, and authority. Defense requires both technical filtering and human awareness.