Phishing is a technique in which malicious actors misrepresent themselves, usually through email or text, as a reliable or trustworthy source in an attempt to gather sensitive information. The initiator of a phishing attempt hopes to "lure" you into either providing sensitive information, such as usernames, passwords, personal information, or credit card data, or clicking on a link to malware. This technique is frequently used as a prelude to ransomware attacks.
Frequently the malicious actor will attempt to impersonate:
For executives and managers of service-providing departments, malicious actors may attempt to impersonate an employee requesting service using their personal account. High-level managers can receive phishing emails on a daily basis.
There are some telltale signs that the email you received is a phishing attempt.
Most phishing attempts are executed in bulk. One malicious actor may attempt to phish hundreds of thousands of people at once. Their payoff comes from executing a large number of attempts so that even if they are successful with a small percentage, they still have a good number of successes. Some malicious actors focus on a smaller group of targeted attacks.
Targeted phishing attacks are called spear-phishing attacks. With a spear-phishing attack, the malicious actor researches an organization and targets its victims with tailored messaging. The attack can be as simple as directing the victim to a clone of the organization's website, or as sophisticated as taking advantage of vulnerabilities in technology or software used by the organization.
For more information see the "The Fly Phishing Hack that Cost Millions" YouTube video.
Malicious actors using phishing may have different goals. Recovery from a phishing attack will depend on the goal of the malicious actor. The two most common goals are identity theft and malware.
If the malicious actor's goal was to entice you to click on a malware link:
If the malicious actor's goal was identity theft and fraud: