What is Phishing?

Phishing is the mechanism of fooling/misguiding a user in order to acquire sensitive information like usernames, passwords, bank account details, credit card details, etc. by acting/purporting as a trustworthy entity during electronic communication.

Phishing is normally carried out by sending an email to a user masquerading as a legitimate or trustworthy enterprise in order to scam the user of private information.

The email would normally contain links that seem to be legitimate and directs the user to a website with details just as that found on the legitimate site.

The user is asked to fill in the information and as the website is fake the details of the user would have been stolen by the time the user realizes the same. Phishing can be considered an example of a social engineering attack that is used to fool users into clicking on links that are actually not the original links but are malicious or hacked sites that contain the scripts that would steal their data once the original looking form is filled.

These types of attacks are more or less a result of the weak and poor usability of current web security technologies. The Internet Security solutions available nowadays along with a few browsers have developed a blacklisting technology wherein phishing sites are reported by security companies around the world on a daily basis.

These internet security solutions and browsers would block the browsing of the user if the link on which the user has clicked has been reported as a phishing site.