Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware. Phishing is typically carried out by email spoofing or instant messaging and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
Phishing is the attempt to acquire sensitive
information such as usernames, passwords,
and credit
card details (and sometimes, indirectly, money),
often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.[1][2]
The word is a neologism
created as a homophone
of fishing
due to the similarity of using fake bait
in an attempt to catch a victim. Communications purporting to be from popular
social web sites, auction sites, banks, online payment processors or IT
administrators are commonly used to lure unsuspecting public. Phishing emails
may contain links to websites that are infected with malware.[3]
Phishing is typically carried out by email spoofing[4]
or instant
messaging,[5]
and it often directs users to enter details at a fake website whose look and feel
are almost identical to the legitimate one. Phishing is an example of social engineering techniques
used to deceive users,[6]
and exploits the poor usability of current web security technologies.[7]
Attempts to deal with the growing number of reported phishing incidents include
legislation,
user training, public awareness, and technical security measures. Many websites
have now created secondary tools for applications, like maps for games, but
they should be clearly marked as to who wrote them, and users should not use
the same passwords anywhere on the internet.