From Wikipedia, the free encyclopedia
This phishing attempt, disguised as an official email from a (fictional) bank, attempts to trick the bank’s members into giving away their account information by “confirming” it at the phisher’s linked website.
A Geocities web page duplicating the Yahoo! login page.
In computing, phishing is a criminal activity using social engineering techniques. Phishers attempt to fraudulently acquire sensitive information, such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication. eBay and PayPal are two of the most targeted companies, and online banks are also common targets. Phishing is typically carried out by email or instant messaging, and often directs users to give details at a website, although phone contact has been used as well. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, and technical measures.
The first recorded mention of the term phishing is on the alt.online-service.america-online Usenet newsgroup on January 2, 1996, although the term may have appeared even earlier in the print edition of the hacker magazine 2600. A phishing technique was described in detail as early as 1987, in a paper and presentation delivered to the International HP Users Group, Interex. The term phishing is a variant of fishing, probably influenced by phreaking, and alludes to the use of increasingly sophisticated lures to “fish” for a user’s financial information and passwords. The word may also be linked to leetspeak, in which ph is a common substitution for f. The popular theory that it is a portmanteau of password harvesting is an example of folk etymology.