Phishing
Also known as: phishing attack, fake email scam
A social engineering attack where scammers impersonate a trusted institution to trick you into handing over passwords, card numbers, or personal data.
Phishing is the most common online attack vector in 2026. Scammers send fake emails or texts, or set up fake websites, that imitate banks, government agencies, delivery services, or familiar brands. The goal is to make the message look so legitimate that you click a link, log in to a fake page, or download an attachment that contains malware.
The word covers a family of related attacks: smishing (phishing by SMS), vishing (phishing by voice call), and quishing (phishing via QR code). Modern phishing increasingly uses AI to generate convincing copy in local languages, mimic the tone of real customer service, and even clone voices from samples for follow-up calls.
The defense is procedural rather than technical: never click links in unsolicited messages, always navigate directly to a known URL, and use two-factor authentication on every account that supports it.