An activity whereby a cyber-criminal attempts to acquire private or sensitive information – often username/password combinations or credit card details – directly from an unsuspecting victim. Typically the main weapon in a phishing attack is a spoof website or email message that takes the victim to a fake login page that closely imitates an authentic one (such as a login page on a banking login website) in order to extract the relevant information from the victim.