Phishing is a type of social engineering attack where an attacker attempts to obtain sensitive information like usernames, passwords or credit card details by pretending to be a trustworthy party to obtain that information. For example an attacker may try to obtain your credentials to your gmail account by sending an email that looks to be from google stating that your credentials need to be verified, and he may include a link to a fake website which looks exactly like gmail login page at the first glance. when you try to login to the site using your credentials attacker will get your credentials and may even display a message stating that you have successfully verified your login details and redirect you to the original gmail login so you can login to gmail.