Phishing is when an attacker tricks a victim into revealing sensitive personal, corporate, or financial information (e.g. account numbers, login IDs, passwords), whether through sending fraudulent or “look-alike” emails or luring end-users to copycat websites.