Definition

phishing

Phishing is an e-mail fraud method in which the perpetrator sends out legitimate-looking email in an attempt to gather personal and financial information from recipients. Typically, the messages appear to come from well known and trustworthy Web sites. Web sites that are frequently spoofed by phishers include PayPal, eBay, MSN, Yahoo, BestBuy, and America Online. A phishing expedition, like the fishing expedition it's named for, is a speculative venture: the phisher puts the lure hoping to fool at least a few of the prey that encounter the bait.

Phishers use a number of different social engineering and e-mail spoofing ploys to try to trick their victims. In one fairly typical case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOL Billing Center" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. This information was used for identity theft.

The FTC warns users to be suspicious of any official-looking e-mail message that asks for updates on personal or financial information and urges recipients to go directly to the organization's Web site to find out whether the request is legitimate. If you suspect you have been phished, forward the e-mail to spam@uce.gov or call the FTC help line, 1-877-FTC-HELP.

Resources from around the Web

Phishing - Wikipedia, the free encyclopedia
Explains some common phishing methods and dangers.
en.wikipedia.org/wiki/Phishing 

Anti-Phishing Working Group
Our mission is to provide a resource for information on the problem and solutions for phishing and email fraud.
www.antiphishing.org/

OnGuard Online - Phishing
Phishing section of an informational website run by the US Federal Trade Commission. Offers advice on how to spot, avoid and report phishing attacks.
onguardonline.gov/phishing.html

Recognize phishing scams and fraudulent e-mails
Phishing is a type of e-mail scam designed to steal your identity. Learn more about how this scam works and what a phishing e-mail message may look like.
www.microsoft.com/protect/yourself/phishing/identify.mspx

Avoid Getting 'Hooked' By Phishers
The most common form of phishing is emails pretending to be from a legitimate ... A spam filter can help reduce the number of phishing emails you get. ...
www.fraud.org/tips/internet/phishing.htm

This was last updated in May 2007
Posted by: Margaret Rouse

Email Alerts

Register now to receive SearchSecurity.com-related news, tips and more, delivered to your inbox.
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

More News and Tutorials

Do you have something to add to this definition? Let us know.

Send your comments to techterms@whatis.com

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: