Phishing is a fraudulent attempt to obtain sensitive information or data, such as usernames, passwords and credit card details, by disguising oneself as a trustworthy entity in an electronic communication. Typically carried out by email spoofing, instant messaging, and text messaging, phishing often directs users to enter personal information at a fake website which matches the look and feel of the legitimate site. 

Phishing was the second leading attack vector for all organizations in 2019 (43%). Social engineering exploits human behavior when an attacker manipulates the victim into taking some action that enables the attacker to access an organization’s network or data. This most often occurs by inducing the victim to provide their password into a malicious web form — a method known as “credential harvesting.” These emails may contain a link to an infected website or include an attachment such as a Word document that contains macros.