A phishing attack is a type of attack that usually aims to steal the user's personal information by tricking them into clicking on malicious links in emails or running malicious files on their computer.

Phishing attacks fall into the "Delivery" phase of the Cyber Kill Chain, a model created to analyze cyber-attacks. The "Delivery" phase is where the attacker transfers the previously prepared malicious content to the victim systems or people.

Attackers usually try to get victims to click on the malicious link in the email by using deceptive phrases such as "you have won a gift", "don't miss out on the big discount", or "if you don't click on the link in the email your account will be suspended".
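A triage heuristic for the lure pattern described above, as an added example that is not part of the original page: it flags a message when one of the quoted lure themes (gift, discount, account suspension) appears together with a link. The regexes, the `triage` function and the sample messages are constructed assumptions for illustration, not a complete detector.

```python
import re
from email import message_from_string
from email.policy import default

# Lure themes taken from the phrases quoted above; the patterns themselves
# are illustrative assumptions and would need tuning on real mail.
LURES = {
    "reward": re.compile(r"\b(won|winner|claim)\b.{0,40}\b(gift|prize|reward)\b", re.I | re.S),
    "discount": re.compile(r"\b(don['’]?t miss|last chance)\b.{0,40}\b(discount|offer|sale)\b", re.I | re.S),
    "threat": re.compile(r"\baccount\b.{0,60}\b(suspended|locked|closed|disabled)\b", re.I | re.S),
}
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw_email):
    """Return lure themes, links, and a flag set when both are present."""
    msg = message_from_string(raw_email, policy=default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    lures = sorted(name for name, rx in LURES.items() if rx.search(text))
    links = URL.findall(text)
    # A lure phrase alone or a link alone is common in legitimate mail;
    # the combination is what the delivery technique relies on.
    return {"lures": lures, "links": links, "flag": bool(lures and links)}

# Constructed sample messages (example.test is a reserved test domain).
SAMPLE_PHISH = """\
From: Support <support@example.test>
To: user@example.test
Subject: Action required
Content-Type: text/plain; charset=utf-8

If you don't click on the link in this email your account will be suspended:
http://login.example.test/verify
"""

SAMPLE_BENIGN = """\
From: Team <team@example.test>
To: user@example.test
Subject: Meeting minutes
Content-Type: text/plain; charset=utf-8

Minutes from Tuesday are at https://wiki.example.test/minutes
"""

if __name__ == "__main__":
    for name, raw in (("phish", SAMPLE_PHISH), ("benign", SAMPLE_BENIGN)):
        print(name, triage(raw))
```

A flagged message is a candidate for analyst review or user warning banners, not proof of phishing; keyword heuristics miss lures worded differently.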

Phishing is the most common initial attack vector.

Of course, the purpose of the attack is not to steal the user's password, but to exploit the human factor, the weakest link in the chain. Attackers use phishing attacks as a first step to infiltrate systems.