Security glossary
What is phishing?
Phishing is when attackers pretend to be trusted brands or people to trick you into giving passwords, codes, or payment details.
Last reviewed: 2026-05-23
In plain English
Phishing usually arrives by email, but it can also show up in texts, DMs, and fake support calls.
Attackers use urgency to make people act fast: account locked, refund expired, suspicious login, invoice due.
Breach data makes phishing stronger because attackers can reference real names, services, or old account details.
Real-world example
You get an email saying your streaming payment failed and you must re-enter your card details in the next 15 minutes.
What you should do
- Open services directly from your own bookmark, not the message link.
- Never share one-time codes in chat, email, or phone calls.
- Turn on MFA and use unique passwords for email and banking accounts.
Related terms
What is a phishing campaign?
A phishing campaign is a coordinated wave of scam messages built around one story, like refunds, invoices, or security alerts.
What is social engineering?
Social engineering is psychological manipulation used to make people share information or approve harmful actions.
What is smishing (SMS phishing)?
Smishing is phishing through text messages, usually using fake delivery, banking, or refund alerts.