Phishing is the act of masquerading as a trustworthy person or business to fraudulently acquire sensitive information, such as passwords and credit card details, that a victim might think reasonable to share with such an entity. Phishing usually involves seemingly official electronic notifications or messages, such as e-mails or instant messages. It is a form of social engineering.
The term phishing was coined in the mid-1990s by black-hat computer hackers attempting to gain access to AOL accounts. An attacker would pose as an AOL staff member and send an instant message to a potential victim. The message would ask the victim to reveal his or her password to "verify your account" or to "confirm billing information". Once the victim gave their password, the attacker could access the victim's account and use it for criminal purposes, such as spamming.
Fraudsters have widely used e-mail spam messages posing as large banks like Citibank, Bank of America, or PayPal in phishing attacks. These fraudsters copy the code and graphics from legitimate websites and use them on their own sites to create legitimate-looking scam web pages. These pages are so well done that most people cannot tell that they have navigated to a scam site.
Phishers will also add what appears to be a link to a legitimate site in an e-mail, but use specially crafted HTML source code so that the link actually points to the scammer's fake site. Such links can often be revealed by using the "view source" feature of the e-mail application to inspect the link's real destination, or by hovering the mouse pointer over the link and reading the URL that the web browser then shows in its status bar.
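The mismatch described above (link text that shows one address while the underlying `href` points somewhere else) is mechanical enough to check automatically. The following Python script is an added example, not code from the original article: it parses the HTML body of a message, collects every anchor, and flags those whose visible text names a host that differs from the host the link really goes to. The sample message, its hostnames and the IP address are constructed for this example (using reserved documentation ranges), and the `find_mismatched_links` and `_host_of` helper names are my own.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class _AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element in a document."""

    def __init__(self):
        super().__init__()
        self.anchors = []
        self._href = None      # href of the anchor currently open, if any
        self._text = []        # text fragments seen inside that anchor

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag.lower() == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None
            self._text = []


def _host_of(value):
    """Return the normalised hostname of a URL-looking string, or None.

    Only strings with a scheme or a leading "www." are treated as URLs, so
    ordinary link text such as "click here" makes no host claim and yields None.
    A leading "www." is stripped so www.example.com and example.com compare equal.
    """
    value = value.strip()
    if "://" not in value:
        if value.lower().startswith("www."):
            value = "http://" + value
        else:
            return None
    try:
        host = urlparse(value).hostname
    except ValueError:          # e.g. malformed IPv6 literal
        return None
    if not host:
        return None
    host = host.lower()
    return host[4:] if host.startswith("www.") else host


def find_mismatched_links(html):
    """Return (href, text, reason) for anchors whose visible text shows a host
    that differs from the host the href actually resolves to.

    A subdomain of the displayed host (support.example.com shown as example.com)
    is accepted; anything else, including a lookalike such as
    example.com.attacker.example, is reported.
    """
    parser = _AnchorCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.anchors:
        if not href:
            continue
        shown = _host_of(text)
        actual = _host_of(href)
        if shown is None or actual is None:
            continue            # no host claim in the text, or a non-URL href
        if shown != actual and not actual.endswith("." + shown):
            findings.append((href, text, f"text shows {shown}, link goes to {actual}"))
    return findings


# Constructed sample message (documentation domains/addresses, not real sites).
SAMPLE_EMAIL = """<html><body>
<p>Dear customer, please confirm your billing information:</p>
<a href="http://198.51.100.7/login">https://www.example-bank.com/secure</a>
<p>Questions? Visit <a href="https://www.example-bank.com/help">www.example-bank.com/help</a>
or <a href="https://support.example-bank.com">www.example-bank.com</a>.</p>
<a href="http://www.example-bank.com.example.net/">https://www.example-bank.com</a>
<a href="https://example.org/unsubscribe">click here</a>
</body></html>"""

if __name__ == "__main__":
    for href, text, reason in find_mismatched_links(SAMPLE_EMAIL):
        print(f"SUSPICIOUS: '{text}' -> {href} ({reason})")
```

Run against the sample, the script reports the two deceptive anchors (the one pointing at a bare IP address and the one pointing at a lookalike host) and stays quiet about the genuine help link, the support subdomain and the "click here" link, which makes no host claim. The same check can be applied to the `text/html` part of a message pulled out with the standard `email` module.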
The small percentage of people that fall for such phishing scams, multiplied by the sheer numbers of spam messages sent, presents the fraudster with a substantial incentive to keep doing it.
See also: Anti-phishing