Phishing is a common attack used by criminals to obtain sensitive information, such as login credentials and payment details, from users. It happens when an attacker, posing as a trusted source, tricks a victim into clicking on a malicious link or downloading a spam file sent via email, text messages, phone calls or social media.