The overall goal of a phishing attack is usually to gain sensitive data such as logins and passwords from their victims in order to access the targeted network or company .
One of the main purposes of doing this is to get a foothold into the device/network to gather and find the information they want. This is mainly for financial gain so it could be credit card details, or something more sinister such as personal information for them to sell on the dark web. Sometimes they may directly try to manipulate users into providing them with their bank details, or they may go down the malware route.
Phishing attacks are one of the simpler social engineering tricks that hackers use as less work is involved. There is no complex hacking needed, and like many other social engineering tactics, it relies on the manipulation of human nature to provide access without the user realising it. This means that your computer/device/network can have the strongest cyber security software from antivirus and anti-malware to end to end security, and still be a victim of a phishing attack. This is because they target the weakest link in the chain; the users.