(redirected from Phishing site)
Also found in: Dictionary, Financial.


("brand spoofing", "carding", after "fishing") /fishing/ Sending e-mail that claims to be from some well-known organisation, e.g. a bank, to trick the recipient into revealing information for use in identity theft. The user is told to visit a web site where they are asked to enter information such as passwords, credit card details, social security or bank account numbers. The web site usually looks like it belongs to the organisation in question and may silently redirect the user to the real web site after collecting their data.

For example, a scam started in 2003 claimed that the user's eBay account would be suspended unless he updated his credit card information on a given web site.


Pronounced "fishing," it is a scam to steal valuable information such as credit card and social security numbers, user IDs and passwords. Also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their bank or retail establishment. E-mails can be sent to people on selected lists or any list, expecting some percentage of recipients will actually have an account with the organization.

E-Mail Is the "Bait"
The e-mail states that due to internal accounting errors or some other pretext, certain information must be updated to continue your service. A link in the message directs the user to a Web page that asks for financial information. The page looks genuine, because it is easy to fake a valid website. Any HTML page on the Web can be copied and modified to suit the phishing scheme. Rather than go to a Web page, another option is to ask the user to call an 800 number and speak with a live person, who makes the scam seem even more genuine.

Anyone Can Phish
A "phishing kit" is a set of software tools from phishing developers that help the novice phisher copy a target website and make mass mailings. It may even include lists of e-mail addresses (how thoughtful of people to create these kits!). In the meantime, if you suspect a phishing scheme, you can report it to the Anti-Phishing Working Group at See pharming, vishing, smishing and twishing.

"Spear" Phishing and Longlining
Spear phishing is more targeted and personal. The message supposedly comes from someone in the organization everyone knows, such as the head of human resources. It could also come from someone not known by name, but with an authoritative title such as LAN administrator. If even one employee falls for the scheme and divulges sensitive information, it can be used to gain access to more of the company's resources.

The "longline" variant of spear phishing sends thousands of messages to the same person, expecting that the individual will eventually click a link. The longlining term comes from using a large number of hooks and bait on a long fishing line, and mobile phones are major targets for this approach.
References in periodicals archive ?
AOL is also working internally and with other partners to identify and block phishing sites.
Shantanu Ghosh, vice- president ( India product operations), Symantec, told MAIL TODAY that in July several phishing sites were observed to be spoofing social- networking brands.
He said most of the phishing sites either ask people to update their bank accounts or credit card details or offer jobs across the world.
While quick detection and shut down of phishing sites is vital, the most damage is done during the first 12 hours, making it crucial for brands to stop phishing emails from reaching as many inboxes as possible in order to protect consumers and reduce losses," said Melbourne IT DBS Director of Global Intelligence Operations, Dan Whetzel.
By utilizing hundreds of sites on a web server with a single compromise, phishers can greatly leverage stolen resources to create a wide web of phishing sites," said Rod Rasmussen, President and CTO of Internet Identity and co-author of the report.
The latest update to Webroot SecureAnywhere protection introduces real-time anti-phishing technology to quickly analyze a website when it is accessed by a user and automatically block it if it is a phishing site.
In this case, the profile page contained a link to a phishing site.
When we find a new phishing site, we send the information to MarkMonitor, a company that adds these phony sites to blacklists.
Another warning pops up after users enter their names and passwords on the phishing site and are redirected back to Facebook.
We're pleased to see that phishing site lifetimes are being positively affected," said Rod Rasmussen, co-author of the study and CTO of Internet Identity.
APWG industrial advisory offers valuable reference guide for webmasters whose sites have been compromised to host a phishing site
Through its real-time Internet monitoring capabilities, Cyveillance is able to offer the industry's most accurate, comprehensive and up-to-date phishing site detection data feed.