Phishing is a social engineering attack that tries to trick victims into divulging personal, financial, or security information. A phishing attempt consists of an email message that looks to be from a company (like Microsoft, PayPal, or a banking institution) that asks the victim to update or verify personal information on the company's website. However, a link within the email message actually sends the victim to a fraudulent website that imitates the legitimate one. When the victim enters their username, password, credit card number, or other personal information into a form on the website, it sends that information to the scammers who run it.

Scammers can use phishing attacks for several goals. They are often after the victim's financial information, like their credit card number or bank account information. They may also want to hijack a victim's account on a specific website. For example, by stealing a victim's email login, they can access their inbox to find more personal information or send messages imitating the victim to scam others. Scammers may also want the victim's username and password from one website to try the same combination elsewhere. Targeted phishing attacks, called spear phishing, attempt to trick specific employees into sending credentials that allow attackers access to a company's internal network.

Identifying a Phishing Attempt

While many phishing email messages look convincing, there are some common signs you can look for. You can check the message's From field to see the domain that the email was sent from. You can also examine hyperlinks to see where they send you — these links often resemble the company's actual URL but include a subtle misspelling or deceptive subdomain (for example, Links may also point directly to an IP address instead of a domain name. The content of the email may contain misspellings and grammatical errors, and they are often written with a sense of urgency to get you to act quickly and without thinking.

If you have any doubt whether an email is legitimate, don't follow links or enter personal information. Instead, you can enter the correct website URL directly and log in as you otherwise would to see whether the system asks you to update your information. Finally, you should not reuse a username and password combination on multiple websites. If you do fall victim to a phishing attack, this prevents the scammers from accessing any other accounts.

Updated November 9, 2023 by Brian P.

quizTest Your Knowledge

Which term is synonymous with "Internet?"

World wide web
Social media
Correct! Incorrect!     View the Cyberspace definition.
More Quizzes →

The Tech Terms Computer Dictionary

The definition of Phishing on this page is an original definition written by the team. If you would like to reference this page or cite this definition, please use the green citation links above.

The goal of is to explain computer terminology in a way that is easy to understand. We strive for simplicity and accuracy with every definition we publish. If you have feedback about this definition or would like to suggest a new technical term, please contact us.

Sign up for the free TechTerms Newsletter

How often would you like to receive an email?

You can unsubscribe or change your frequency setting at any time using the links available in each email.

Questions? Please contact us.