Creating a replica of an existing Web page to fool a user into submitting personal, financial, or password data.
Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Recent victims include Charlotte's Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites.
The term had its coming out this week when the FBI called phishing the "hottest, and most troubling, new scam on the Internet." The name appears to have no connection to the band Phish, an FBI spokesman said.
Andrew Shain, "Phishing to steal your information," Charlotte Observer, July 25, 2003
The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the Web page code from a major site such as AOL and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.
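The two tells in that description, a link whose visible text names one host while its target is another, and a form that posts its fields to a host outside the company's domain, can be checked mechanically. The sketch below is an added example, not part of the original entry; the function names, the finding labels and the sample markup (built on the reserved example.com and example.net domains) are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

def host_of(url):
    """Lower-cased host; bare text like "www.example.com" is parsed as a URL."""
    try:
        return (urlparse(url if "//" in url else "//" + url).hostname or "").lower()
    except ValueError:  # malformed bracketed host
        return ""

def same_site(host, expected):
    # True for the expected domain itself or any of its subdomains
    return host == expected or host.endswith("." + expected)

class ReplicaCheck(HTMLParser):  # collects off-site forms and misleading links
    def __init__(self, expected):
        super().__init__()
        self.expected, self.findings = expected, []
        self._href, self._text = None, []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            host = host_of(a.get("action") or "")
            # Relative actions have no host and stay on the page's own site
            if host and not same_site(host, self.expected):
                self.findings.append(("form-posts-offsite", host))
        elif tag == "a" and a.get("href"):
            self._href, self._text = a["href"], []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            shown, real = host_of("".join(self._text).strip()), host_of(self._href)
            # Only compare when the visible text itself looks like a host name
            if "." in shown and " " not in shown and real and shown != real:
                self.findings.append(("link-text-mismatch", real))
            self._href = None

def check(html, expected):
    p = ReplicaCheck(expected)
    p.feed(html)
    p.close()
    return p.findings

# Constructed sample: a lure link, a credential form posting off-site, and benign markup
SAMPLE = ('<p>Confirm: <a href="http://login.example.net/verify">www.example.com</a></p>'
          '<form action="http://collector.example.net/save"><input name="password"></form>'
          '<form action="/search"></form><a href="https://help.example.com/">help.example.com</a>')
```

Calling `check(SAMPLE, "example.com")` reports the mismatched link and the off-site form and stays silent on the relative search form and the honest help link.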