Of all the security threats that face IT, phishing stands out because it is not an attack on the technology – it is “social engineering,” getting incautious users to click seemingly innocuous links or visit seemingly harmless websites and allowing hackers to steal user names, passwords, financial data, or other information they can use. Today, phishing is usually a “gateway crime” – hackers often use it as a way to get the credentials to gain entry into the broader IT system and launch other attacks, such as ransomware.