Phishing refers to the act of attempting to acquire private information such as user names, passwords, and credit card details by masquerading as a legitimate enterprise on the Internet. Electronic communications posing as messages from popular social web sites, banks, auction sites, IT administrators or online payment processors are commonly used to scam the unsuspecting public.
Phishing e-mails may also contain links to websites infected with malware. E-mails falsely claiming to be from a trustworthy entity are typically sent to a user to solicit private information that is then used for identity theft.
Phishing usually arrives by e-mail spoofing (pretending to be someone else) or instant messaging, and it typically directs users to a website where they are asked to update personal information that the legitimate organisation already has (e.g. passwords, account numbers, credit card numbers, etc.). The website, however, is a fake and exists only for the purpose of stealing that information.
Phishing is one of the social engineering techniques used to deceive users, and one that exploits the inadequate usability of the web security technologies available to Internet users. Attempts to deal with the increasing number of reported phishing incidents include user training, legislation, public awareness, and technical security measures.