The practice of sending out fake email messages that look as if they come from a trusted person or institution, usually a bank, in order to trick people into handing over confidential information. The emails often direct you to a website that looks like that of the real financial institution. But it is a fake and has been rigged to collect your personal information, such as passwords, credit card numbers and bank account numbers, and transmit them to the Bad Guys.
Phishing scams use various social engineering and spoofing techniques to try to trick their victims into giving away personal information such as account usernames, passwords, credit card numbers, social security numbers, and home addresses.
Most of these emails look "official," as if they were sent from a trusted entity like a bank, or a retailer or another legitimate business. As a result, recipients often respond to them, which can result in financial losses, identity theft, or other fraudulent activity.
Phishing is a variation on the word fishing; fishers (and phishers) set out hooks, knowing that although most won't take the bait, someone just might.
In addition to mass mailings, phishers have started using a more targeted method of phishing called "Spear Phishing." In a spear phishing attack, the only recipients of the email are known members of the institution that the email is targeting. Universities are frequently targets of this type of attack because all of the email addresses end with a common "phrase," in our case: @k-state.edu.
Email addresses are acquired for Spear Phishing in several ways:
| Organization/entity | Web address |
| Anti-Phishing Working Group | www.antiphishing.org |
| Looks Too Good To Be True | www.lookstoogoodtobetrue.com |
| Internet Crime Complaint Center | www.ic3.gov |
| Federal Trade Commission's OnGuard Online | onguardonline.gov |
| Urban legends and hoaxes | www.snopes.com |