Phishing is the illegal act of acquiring personal information by tricking the user into divulging it, under the guise of a legitimate party. The term comes from the word “fishing,” as the main objective of this activity is to lure users into giving out their private details.

Offenders may try to access credit card information, passwords, and other sensitive details by sending emails which appear official and seem to come from trustworthy sources. They may also direct users to websites which seem authentic. It can be very difficult to tell whether a website is fake or not, even with the use of authentication processes. Phishers may use misspelled URLs or make use of subdomain names to trick users into believing that the site being used is legitimate. Another method involves the use of a pop-up which appears when the user gains access to a legitimate website.

One of the usual targets of phishers are online payment facilities. In this case, phishing is done at random and may affect several users who make use of a particular payment service. On the other hand, some phishers have specific targets. This is more specifically known as spear fishing. When the targets happen to be major players in the industry, the term used is whaling.

Social networking sites can also be easy targets. Since many users include personal information when filling out their profiles, it can be easier for phishers to acquire even more data.

To address this problem, users need to be aware of how to spot common phishing signs. It is also advisable to be familiar with website URLs and enter them manually, instead of relying on links which may direct users to fake sites.