Phishing is a form of social engineering where attackers deceive people into revealing sensitive information [1] or installing malware such as ransomware . Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. [2] As of 2020, it is the most common type of cybercrime, with the FBI 's Internet Crime Com
The term "phishing" was first recorded in 1995 in the cracking toolkit AOHell , but may have been used earlier in the hacker magazine 2600 . [4] [5] [6] It is a variation of fishing and refers to the use of lures to "fish" for sensitive information. [5] [7] [8]
Measures to prevent or reduce the impact of phishing attacks include legislation , user education, public awareness, and technical security measures. [9] The importance of phishing awareness has increased in both personal and professional settings, with phishing attacks among businesses rising from 72% to 86% from 2017 to 2020. [10]