What is "Phishing"? (***Note***)
Webopedia.com (a good site to look up internet terms and more) defines phishing as:
(fish´ing) (n.) The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail may direct the user to visit a Web site (where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has) or may ask for an email response (again asking for information such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has). The Web site and email request, however, are bogus and set up only to steal the user's information. For example, 2003 saw the increase of phishing scams in which users received e-mails supposedly from eBay or Citibank claiming that the user's account was about to be suspended unless he clicked on the provided link and updated the credit card information that the company already had.
Because it is relatively simple to make a Web site look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by the company. The customers were tricked into giving their account information to the "phisher". By spamming large groups of people, the "phisher" counted on the e-mail being read by a percentage of people who actually had listed credit card numbers legitimately with these companies, and that some would be fooled.
Phishing is also referred to as brand spoofing or carding and, like fishing, the scammer hopes that while most will ignore the bait, some will be tempted into biting.
Below is an example of a new type where the email looks like it is from our office:
----- Begin Example Email -----
To: not a real email email@example.com
Sent: Friday, May 27, 2005 9:06 PM
Subject: Notice: **Last Warning**
We regret to inform you that your account has been suspended due to the violation of our site policy, more info is attached.
----- End Example Email -----
We have seen this come with an attachment and/or a link. In either case, this is a scam. First, we do not email attachments to any customer unless we have been working with you on the phone, or we have sent out a contact email informing you we will be sending an attachment before we actually send it. The second giveaway that these emails do not come from us is that they lack contact information. All emails from this office normally include the staff member's name and the office phone number.
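The tells described above (an unexpected attachment, a link, and no contact information) can be checked mechanically. The following is an added example, not a tool used by this office; the phone-number pattern, the function names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumption: a North American phone format stands in for "the office phone number".
PHONE_RE = re.compile(r"\(?\b\d{3}\)?[-.\s]\d{3}[-.]\d{4}\b")
LINK_RE = re.compile(r"https?://\S+", re.IGNORECASE)

def body_text(msg):
    """Join the text parts of the message, skipping attached files."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() != "text" or part.get_filename():
            continue
        raw = part.get_payload(decode=True) or b""
        chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def warning_signs(raw_email):
    """Return which of the tells described above this message shows."""
    msg = message_from_string(raw_email)
    text = body_text(msg)
    signs = []
    if any(part.get_filename() for part in msg.walk()):
        signs.append("attachment")
    if LINK_RE.search(text):
        signs.append("link")
    if not PHONE_RE.search(text):
        signs.append("no contact phone number")
    return signs

# Constructed sample modeled on the example email above (sender and file name invented).
SUSPICIOUS = """\
From: support@example.com
Subject: Notice: **Last Warning**
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

We regret to inform you that your account has been suspended due to the
violation of our site policy, more info is attached.
--b1
Content-Type: application/octet-stream; name="info.zip"

placeholder
--b1--
"""
# Constructed sample of a signed message with a staff name and phone number.
SIGNED = "From: staff@example.com\nSubject: Follow-up\n\nPer our call today.\nJane Doe, (555) 555-0100\n"
```
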