Phishing has evolved into one of the most adaptive and damaging cybersecurity threats, continually reshaping itself to exploit human behaviour, technical vulnerabilities, and, more recently, advances in artificial intelligence. As attack vectors diversify from traditional email scams to sophisticated, multi-stage, AI-generated, and hybrid phishing campaigns, defending against them has become significantly challenging. This survey provides a comprehensive and contemporary examination of the phishing landscape, tracing its evolution, analysing real-world incidents, and contextualising its growing impact through global statistics. We introduce a unified, multidimensional taxonomy that categorizes phishing attacks into distinct categories, providing a clearer understanding of how new attack techniques operate and escalate. In parallel, we review a broader range of phishing detection strategies, from list-based, heuristic, and similarity-driven techniques to modern machine learning and deep learning approaches. While these methods have advanced detection capabilities, they continue to face significant constraints related to data privacy, scalability, and the rapid emergence of novel attack patterns. Motivated by these limitations, the survey highlights the growing relevance of Federated Learning (FL) as a privacy-preserving and collaborative paradigm for phishing detection. To the best of our knowledge, this is the first comprehensive survey to examine phishing defence through the lens of FL. In particular, we examine the role of FL in enabling decentralized, privacy-aware detection without exchanging raw data, compared to centralized training in terms of performance, privacy guarantees, resilience, and scalability. Drawing from this analysis, we offer valuable insights into critical research gaps and future directions for developing robust, scalable, and privacy-aware phishing detection solutions.