D2 · Threats

What is phishing?

Phishing uses deceptive emails to steal credentials, install malware, or trick users into performing actions — the #1 initial access vector in breach reports year after year.
Generic phishing: mass-sent, low personalization.
Spear phishing: targeted, researched, highly convincing.
Whaling: targeting executives.
Vishing: phone-based.

Defense: email filtering (DMARC, sandboxing), user training with simulations, MFA (makes stolen credentials less valuable). Report suspicious emails; don't just delete them.