

("brand spoofing", "carding", after "fishing") /fishing/ Sending e-mail that claims to be from some well-known organisation, e.g. a bank, to trick the recipient into revealing information for use in identity theft. The user is told to visit a web site where they are asked to enter information such as passwords, credit card details, social security or bank account numbers. The web site usually looks like it belongs to the organisation in question and may silently redirect the user to the real web site after collecting their data.

For example, a scam started in 2003 claimed that the user's eBay account would be suspended unless he updated his credit card information on a given web site.


Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," it works by sending potential victims an official-looking e-mail that pretends to be from their bank or retail establishment. E-mails can be sent to people on selected lists or on any list, on the expectation that some percentage of recipients will actually have an account with the organization.

E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid website. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.

Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target website and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group. See pharming, vishing, smishing and twishing.

"Spear" Phishing and Longlining
Spear phishing is more targeted and personal. The message supposedly comes from someone in the organization everyone knows, such as the head of human resources. It could also come from someone not known by name, but with an authoritative title such as LAN administrator. If even one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.

The "longline" variant of spear phishing sends thousands of messages to the same person, expecting that the individual will eventually click a link. The longlining term comes from using a large number of hooks and bait on a long fishing line, and mobile phones are major targets for this approach.
References in periodicals archive
To avoid phishing scams, be suspicious of any email message that asks you to enter or verify personal information through a website or by replying to the message itself.
Phishing scams usually arrive as spam email, mimicking the style and logos of well-known internet brands, and contain links to web sites mocked up to look like the real thing and ask users to enter credit card information.
Representatives of Liberty Tax Service are available to discuss phishing scams and to make presentations to local groups who might be interested in learning more.
A recently-published Softpedia article detailed a study conducted by researchers at the Polytechnic Institute of New York University (NYU-Poly) which determined that women who--according to a personality assessment--were neurotic were most likely to fall for phishing scams (2).
JACQUI KENNEDY, head of regulatory services at Birmingham City Council, which runs the Trading Standards team, dishes out advice on how to avoid being the victim of phishing scams.
The bank warned the public on Tuesday to be wary of a phishing scam in which hackers lure people to a fake central bank Web site.
Often users are not even aware that they have fallen victim to a phishing scam as the cloned site appears genuinely authentic by using parts of the real website as well as site re-direction gimmicks.
SurfControl, plc (LSE: SRF), the global leader in Internet content protection, today said that its Global Threat Experts have identified a phishing scam with a unique twist -- rather than phishers attempting to redirect recipients to fraudulent Web sites which harvest passwords and account information, this phish targeting the Chase Bank customers, uses only a telephone number as a method of contact.
Unfortunately this is not the only phishing scam to result from the London bomb attacks.
The classic case of a phishing scam is an unsolicited e-mail purporting to be from a credit union or bank, a credit card company, an Internet service provider or an online business such as eBay or Paypal.
After a joint investigation by the Department of Justice and the Federal Trade Commission, Hill agreed this spring to plead guilty to the phishing scam in which he sent e-mails to AOL customers purporting to be from an "AOL Billing Specialist.
When CFI became aware of the phishing scam, the firm conducted an inadequate investigation and sent a misleading notification letter to approximately 1,400 affected customers and their brokers.