Phishing refers to the process of tricking recipients into sharing sensitive information with an unknown third party.

Typically, you receive an e-mail that appears to come from a reputable organisation, such as a bank. The e-mail includes what appears to be a link to the organisation's website. However, if you follow the link, you are connected to a replica of the website. Any details you enter, such as account numbers, PINs or passwords, can be stolen and used by the hackers who created the bogus site.

Sometimes the link displays the genuine website but superimposes a bogus pop-up window. You can see the address of the real website in the background, but the details you enter in the pop-up window can be stolen.

Phishing originated in the 1990s, when scammers used the technique to collect AOL account details so that they could gain free internet access. The details were called phish because they were gathered by “fishing” for users. The “ph” imitates the spelling of “phreaker”, the term for those who hacked into the telephone network.

To better protect against phishing attacks, it is good practice not to click on links in e-mail messages. Instead, you should enter the website address in the address field and then navigate to the correct page, or use a bookmark or a Favourite link.

Phishing attacks via e-mail are beginning to include an offline aspect, intended to persuade even well-trained users to leak information; we have seen phishing schemes use phone numbers and fax numbers in addition to websites.

Anti-spam software can block many phishing-related e-mails, and web-security software can block access to phishing-related websites.