The field of information security has realized many advances in the past few decades. Some of these innovations include new cryptographic techniques, network protocols, and hardware tokens. However, the weakest link in information security systems, human gullibility, remains extremely vulnerable. Even the strongest cryptographic algorithms are useless if a user is fooled into disclosing their authentication information. This chapter describes the threat of phishing in which attackers generally sent a fraudulent e-mail to their victims in an attempt to trick them into revealing private information. We start by defining the phishing threat and its impact on the financial industry. Next, we review different types of hardware and software attacks and their countermeasures. Finally, we discuss policies that can protect an organization against phishing attacks. An understanding of how phishers elicit confidential information along with technology and policy-based countermeasures will empower managers and end users to better protect their information systems.