Phishing attacks pose a significant threat to investment banks, exploiting human vulnerabilities to access sensitive data and financial assets. As custodians of vast monetary resources and confidential client information, these institutions face severe risks, including financial losses, reputational harm, data breaches, and regulatory penalties. Phishing's reliance on social engineering makes it difficult to predict and counter using traditional security measures. This study examines the vulnerabilities exposed by phishing attacks in investment banks, analyzes the financial and reputational consequences, and explores effective mitigation strategies. By identifying key risks and best practices, this research aims to enhance the resilience of investment banks against evolving phishing threats.