A technique for acquiring sensitive information, or accessing information, under the guise of legitimacy using digital technology, usually email. Its intent is to deceive someone into responding to what appears to be a known entity but is really a fake. Not all phishing is harmful; some organizations use it as a training and security assessment tool.