Phishing is the attempt to represent oneself, typically via email, as a person or organization one is not, for the purpose of maliciously acquiring sensitive information from the recipient of the email, the target.
The most common examples are emails carefully crafted to appear as if they had come from a banking institution, directing the recipient to a website that itself looks very much like the bank's official website.
The gist of the scam is that the email is not from the actual bank, and the website is a forgery. By fooling (so-called spoofing) the visitor into thinking that the site is legitimate, the phishers can obtain that person's login credentials when they attempt to log in to the fake site.
Some very crude, yet surprisingly successful, phishing attempts don't use websites at all, but simply portray themselves in email as a major online service.
The email requests that the recipient reply with account information, often including username and password, for some made-up yet important-sounding reason.
Once a victim has been tricked into handing over sensitive information, it is very difficult for them to extricate themselves without drastic steps such as personally contacting their bank's fraud division.