Phishing is a scam that uses fraudulent emails and phony websites to trick visitors or recipients into revealing valuable personal information such as passwords, credit card account numbers, online banking user identification numbers, social security numbers, and other sensitive data. Most phishing scams falsely claim to be from a trusted person or organization to lure unsuspecting users to reveal their private information.
A common approach used by phishers is to send a fake e-mail that claims to come from a trustworthy source and contain a subject and message meant to frighten or alert the recipient into taking immediate action. The e-mail scam usually tells the user of a problem with their account and that they must update or reactivate the account. The e-mail provides the user a link that redirects him or her to a fake website, controlled by a fraudster, and claims to be that of a trustworthy institution. Once at the fake website, the user is asked to provide information such as a bank account number or password which is then captured by the fraudster.
This phishing e-mail scam can be targeted, where the fraudster has details about the user, or indiscriminately circulated on a grand scale through Spam. Fraudster may use Internet addresses disguised to look almost identical with that of a trustworthy company.
Malware authors, phishers and spammers are increasingly targeting popular web-based mail clients to launch malicious phishing attacks to promote their services and products. Phisers can adapt quickly and devise new techniques to ensure they can target the highest number of users as quickly as possible in the shortest time span achievable.