Phishing, now the Internet’s biggest identity theft scam, costs consumers more than $56 billion annually. Its name comes from the expression, “Password Harvesting fishing.”
Using a variety of techniques, Phishers attempt to deceive Internet users into disclosing credit card or bank account numbers, Social Security numbers, passwords and other confidential information. In particular, Phishing schemes include official-looking e-mails that link to fraudulent Web sites designed to look like legitimate company sites. Visitors are lured into disclosing personal information via the site, which criminals then use against the victim.
Phishing e-mails or Web sites appear to come from trusted sources such as banks, retailers or other reputable companies. They usually use official-sounding language and real company logos to make them seem to be authentic. Typically, they open to a form prompting the user to "update" information, and then click a command button to "validate" or "confirm" that the information provided is accurate. The information is then transferred to the creator of the phishing site and can be used to steal your identity.
Phishing sites could also trigger Keyloggers, software programs that record data that you type into legitimate sites -including passwords and other identifiers- and transmit them back to the criminals who sent them.