is an Internet scam
used to gain personal information that uses spoofed e-mail addresses and fraudulent Web sites
to masquerade as legitimate business sites. The fake sites are designed to fool respondents into entering personal financial data such as credit card numbers, account user names, and passwords, which can then be used for financial theft or identity theft. The e-mail directs the user to visit a Web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The Web site, however, is bogus and set up only to steal the user’s information but it may also contain malicious code which can spread infection
Phishing, also referred to as brand spoofing
, was derived from "fishing", the idea being that bait is thrown out with the hopes that some will be tempted into biting. It is essentially an old con game updated to take advantage of new technology. A "Spoof Site
" is a fraudulent site usually linked from a phishing email that look like well-known websites. "Spear Phishing
" is used to describe the trend toward highly targeted and co-ordinated attacks at a specific organisation or individual designed to extract critical data.