Phishing is a cybercrime, a type of cyberattack that uses email, phone or text to entice individuals into providing personal or sensitive information, ranging from passwords, credit card information and social security numbers to details about a person or organization, which involves luring the user into providing sensitive and confidential information to the attacker. The information could include credit card details, username and passwords, bank details, etc. These phishing attacks occur through malicious emails, text messages and telephone calls. After obtaining the information, the attacker could commit crimes such as financial losses and identity thefts. The target could be an individual, an organization or a cluster in an organization. This paper provides an explanation on phishing attacks to create awareness and several countermeasures to overcome them. Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing is a form of social engineering where attackers deceive people into revealing sensitive information or installing malware such as ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim is navigating the site, and transverse any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Centre reporting more incidents of phishing than any other type of computer crime. It is characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication, such as an e-mail or an instant message. The term "phishing" was first recorded in 1995 in the cracking toolkit AOHell, but may have been used earlier in the hacker magazine . It is a variation of fishing and refers to the use of lures to "fish" for sensitive information. Measures to prevent or reduce the impact of phishing attacks include legislation, user education, public awareness, and technical security measures. The importance of phishing awareness has increased in both personal and professional settings, with phishing attacks among businesses rising from 72% to 86% from 2017 to 2020. Phishing often uses social engineering techniques to trick users into performing actions such as clicking a link or opening an attachment, or revealing sensitive information. It often involves pretending to be a trusted entity and creating a sense of urgency, like threatening to close or seize a victim's bank or insurance account. An alternative technique to impersonation-based phishing is the use of fake news articles to trick victims into clicking on a malicious link.