Phishing is a form of social engineering that relies on deception to trick unsuspecting users into handing over account credentials, financial details, and other information useful to the attacker. Historically it was conducted mostly by written correspondence (e-mail above all), but more recently attacks have also been carried out over the phone and via platforms such as Skype. Strong spam filtering has reduced the number of successful phishing attempts, but it remains a reliable tactic for infiltrating networks and harvesting account information.
A very common method of phishing is to send an e-mail purporting to come from an organization the target may or may not do business with, such as PayPal, eBay, or Amazon. The e-mail will most often contain a link to malware, or a link to a fake login page that captures the target's credentials. Attackers typically claim that the user has won a prize or that there is a problem with their account, to create a reason to click. Here is a random example from the author's ten-year-old e-mail account, which receives more spam than anything else (none of which makes it to the inbox after all this time):
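The two tells in such an e-mail are a From display name that claims a brand the address does not belong to, and link text that names the brand while the underlying href points somewhere else. The following is an added example (not code from the original article) that checks an HTML message for both; the sample message is constructed, and the `TRUSTED_DOMAINS` list and the crude "last two labels" domain reduction are simplifying assumptions for illustration, not a production allow-list:

```python
"""Flag phishing-style brand/link mismatches in an e-mail.

Added example, not from the original article. SAMPLE is a constructed
message; TRUSTED_DOMAINS and registrable() are illustrative assumptions.
"""
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allow-list of brands the organisation's users legitimately deal with.
TRUSTED_DOMAINS = {"paypal.com", "ebay.com", "amazon.com"}


def registrable(host):
    """Crude eTLD+1: keep the last two labels. Adequate for .com brands,
    wrong for ccTLDs like .co.uk (use the public suffix list in practice)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def suspicious_links(html_body):
    """Return (href, text, reason) for anchors whose visible text names a
    trusted brand but whose href resolves to a different domain."""
    parser = _LinkCollector()
    parser.feed(html_body)
    findings = []
    for href, text in parser.links:
        target = registrable(urlparse(href).hostname or "")
        for brand in TRUSTED_DOMAINS:
            name = brand.split(".")[0]
            if name in text.lower() and target != brand:
                findings.append((href, text, f"text says {name}, link goes to {target}"))
                break
    return findings


def sender_mismatch(msg):
    """True if the From display name claims a trusted brand but the
    address domain is not that brand's domain."""
    name, addr = email.utils.parseaddr(str(msg["From"]))
    dom = registrable(addr.split("@")[-1]) if "@" in addr else ""
    return any(b.split(".")[0] in name.lower() and dom != b for b in TRUSTED_DOMAINS)


# Constructed sample: lookalike sender domain, one decoy link, one genuine one.
SAMPLE = """From: "PayPal Support" <security@paypa1-verify.example>
To: victim@example.org
Subject: Your account has been limited
Content-Type: text/html

<p>Dear customer, a problem has occurred with your account.</p>
<p><a href="http://203.0.113.9/login">Log in to PayPal</a> to restore access.</p>
<p><a href="https://www.paypal.com/help">PayPal Help Center</a></p>
"""


def analyse(raw):
    """Parse a raw RFC 5322 message and return (sender_mismatch, suspicious_links)."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html",)).get_content()
    return sender_mismatch(msg), suspicious_links(body)


if __name__ == "__main__":
    from_bad, links = analyse(SAMPLE)
    print("sender display name mismatch:", from_bad)
    for href, text, why in links:
        print(f"  {why}: {text!r} -> {href}")
```

On the constructed sample the check reports the sender mismatch and flags only the first link (visible text "Log in to PayPal", href on a bare IP address); the genuine www.paypal.com link passes. Real mail needs a proper public-suffix lookup and handling of redirectors and URL shorteners, which this example deliberately leaves out.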
While phishing originated with scams such as the Nigerian Prince scam, it is also a reliable method for breaching systems. Rather than fake login pages aimed at personal information, phishing in this case is used to gain access to sensitive databases, far higher-hanging fruit than mere credit card details. Following the OPM hack, phishing e-mails were sent purporting to come from the fraud prevention program the government had offered to all affected parties, turning the breach notification itself into a lure.