ScamScan Dictionary
Definition of 'Phishing'
Phishing is a term used to describe a particular method of obtaining sensitive information from people. This is usually done by sending out large numbers of legitimate-looking emails that redirect the user to a specially created web site that logs the victim's passwords.
Phishing emails have become increasingly sophisticated, and will now normally look identical to a legitimate email sent from the victim site, even down to the images used. One common theme in a phishing email is a link to a secure login web site, and text encouraging the user to click on the link to check their account.
This link will direct the user to a specially written web site, which (once again) will look identical to the normal login page for the victim site. These web sites are normally hosted on compromised computers (either servers, or even people's home machines) or even hosting services purchased using stolen credit card details.
There has been an increasing trend in using domain names that are similar to the victim site's domain name, but are not controlled by the victim site, making the phishing web site look more legitimate.
Anyone can be affected by a phishing email, regardless of the operating system or mail client being used: if the user clicks on the links in the phishing email they will be sent to the phishing web site. Once on the web site, if the user enters their username and password (or other sensitive information), that information will be sent to the people running the phishing campaign.
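As an added example (not part of the ScamScan dictionary), the kind of lookalike-domain check a mail gateway could run over the links in an email: it assumes a constructed list of legitimate domains and flags hosts that differ from them by a character swap or a small edit, or that bury a known brand under an unrelated registrable domain.

```python
import re
from urllib.parse import urlparse

# Domains the organisation legitimately sends mail for (constructed sample list).
KNOWN_DOMAINS = ["examplebank.com", "example-mail.com"]
URL_RE = re.compile(r"https?://[^\s<>\"']+")


def normalise(host: str) -> str:
    """Undo common lookalike substitutions so 'examp1ebank' compares as 'examplebank'."""
    host = host.lower().replace("rn", "m").replace("vv", "w")
    return host.translate(str.maketrans("015", "ols"))


def levenshtein(a: str, b: str) -> int:
    """Edit distance between two strings (insert/delete/substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_url(url: str) -> str:
    """Return 'known', 'lookalike', 'brand-in-host', 'unrelated' or 'invalid'."""
    host = urlparse(url).hostname
    if not host:
        return "invalid"
    # Naive registrable-domain extraction (last two labels); a real deployment
    # would use the public suffix list so that e.g. co.uk is handled correctly.
    registrable = ".".join(host.split(".")[-2:])
    if registrable in KNOWN_DOMAINS:
        return "known"
    norm = normalise(registrable)
    for known in KNOWN_DOMAINS:
        if norm == known or levenshtein(norm, known) <= 2:
            return "lookalike"
    for known in KNOWN_DOMAINS:
        # Brand label used as a subdomain or prefix: examplebank.com.evil.net
        if known.split(".")[0] in host:
            return "brand-in-host"
    return "unrelated"


def scan_text(text: str) -> list:
    """Classify every URL found in an email body; returns (url, verdict) pairs."""
    return [(url, classify_url(url)) for url in URL_RE.findall(text)]
```

The registrable-domain step is deliberately naive; swap in a public-suffix-list library before relying on it for multi-label TLDs.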
It is extremely easy to avoid becoming a victim of phishing: never click on a link in an email unless you are expecting that email. Always start your web browser and enter the company's address yourself (bookmarking the home page of sites you visit will make this easier).