phishing

the criminal activity of persuading people to give personal information such as passwords and credit card details by directing them to a fake website which has been made to look exactly the same as the website of a legitimate bank or other organisation

In recent months, a major new Internet crime wave has emerged. An increasing number of consumers are being conned into divulging financial information to fraudsters via the practice of phishing. An official-looking e-mail, allegedly from a bank, ISP, etc, is sent to potential victims, requesting updated personal information on some pretext or other, such as technical problems or internal accounting errors. Via a link in the e-mail message, the user is then directed to a web page which asks for financial information. The fake web page can look convincingly similar to a legitimate source, since any HTML page on the web can easily be copied and modified as necessary.

British police recently estimated that phishing crimes cost UK banks in the region of
£60 million

British police recently estimated that phishing crimes cost UK banks in the region of £60 million during 2003, and in the United States the economic toll was even worse, costing American banks and credit card companies an estimated $1.2 billion.

The noun phishing typically appears in compound phrases such as a phishing scam/e-mail, and the countable noun phisher has been coined to refer to perpetrators of the crime. There are two phish homographs: a transitive verb usually used in the passive as in you've been phished! – i.e. 'you have fallen victim to a phishing scam' – and a countable noun most commonly used to refer to the e-mail that triggers the deception. A participle adjective phished is also quite common, as in phished e-mail/site/data.

Background – phishing and phish

The term phishing has been around in computer hacker culture since the mid-1990s, where it originally referred more generally to the practice of acquiring password information in order to infringe security barriers. Its use specifically in the context of Internet-based financial crimes is more recent. The word is derived from a deliberate misspelling of fish in its verbal sense of trying to obtain information. The analogy of 'trying to catch (a fish)' is often carried over as well. For instance, the use of phish as a noun to refer to the e-mail which tricks the victim is related to the idea of fish as 'bait'. Discussions of the practice often also include fishing references such as phishing lines, a phishing expedition, get caught/hooked by a phish.