A phishing attack occurs when a malicious actor sends emails that seem to be coming from trusted, legitimate sources in an attempt to grab sensitive information from the target. Phishing attacks combine social engineering and technology and are so-called because the attacker is, in effect, fishing for access to a forbidden area by using the bait of a seemingly trustworthy sender.
To execute the attack, the bad actor may send a link that brings you to a website that then fools you into downloading malware such as computer viruses or giving the attacker your private information. In many cases, the target may not realize they have been compromised, which allows the attacker to go after others in the same organization without anyone suspecting malicious activity.
You can prevent phishing attacks from achieving their objectives by thinking carefully about the kinds of emails you open and the links you click on.
Pay close attention to email headers, and do not click on anything that looks suspicious. Check the parameters for Reply-to and Return-path. They need to connect to the same domain presented in the email. Hover your mouse over any links without clicking on them, to see where the link is pointing to.