A type of socially engineered attack whereby a user is presented with a seemingly plausible and often mundane request, and is tricked into divulging their authentication credentials to a facade. One common phishing attempt is an email that appears to be from the user’s IT department, claiming their account requires verification, with a link directing them to a lookalike website. When they log in to the fake website, their credentials are sent to the attacker, which the attacker can then use to impersonate the user on the real site.