Phishing (pronounced ‘fishing’) is a form of Internet fraud.
A dummy or spoof website is created resembling that of a legitimate organisation, typically a financial institution such as a bank or insurance company. An email is sent requesting that the recipient log on to the dummy website by clicking a link or image. (Embedding the links in the email avoids the possibility of the user typing out the legitimate website address.)
If the user clicks through from the email, they are presented with a replica of a website they trust.
More sophisticated operations go so far as to register plausible URLs, e.g. using similar initials, or a subdomain that mirrors the legitimate website address. Once at the dummy site, the user is prompted to confirm or re-enter their personal details, including security access codes.
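As an added example (not part of the original text), the following Python check classifies a link found in an email against the domain the organisation actually uses. It distinguishes the two deceptions described above, a lookalike registrable domain and a legitimate name used as a subdomain of an unrelated domain, and additionally flags the legitimate name placed in the URL's user-info part before an `@`. The public-suffix list and the domain `asb.co.nz` are assumptions for the example, not data from the page, and the similarity threshold is a heuristic.

```python
from urllib.parse import urlsplit

# Constructed, deliberately short public-suffix list. The real Public Suffix
# List is much longer; this subset is an assumption made for the example.
PUBLIC_SUFFIXES = {"com", "net", "org", "nz", "co.nz", "uk", "co.uk"}


def registrable_domain(hostname):
    """Return the registrable domain, e.g. 'asb.co.nz' for 'www.asb.co.nz'.

    Walks from the left so the longest matching public suffix wins, then
    prepends the one label in front of it. Returns None when the name is a
    bare suffix or has a single label (e.g. 'localhost').
    """
    labels = hostname.lower().strip(".").split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return None if i == 0 else ".".join(labels[i - 1:])
    return ".".join(labels[-2:]) if len(labels) >= 2 else None


def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss organisation labels."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, legit_domain):
    """Classify a link relative to the organisation's real registrable domain.

    Returns one of: 'legitimate', 'userinfo_prefix', 'mirrored_subdomain',
    'lookalike', 'unrelated', 'unparseable'.
    """
    parts = urlsplit(url)
    host = parts.hostname
    if host is None:
        return "unparseable"
    host = host.lower()
    legit = legit_domain.lower()

    # 'https://www.asb.co.nz@example.net/' shows the real name on the left but
    # connects to example.net; the trusted name only sits in the user-info part.
    if parts.username and legit in parts.username.lower():
        return "userinfo_prefix"

    reg = registrable_domain(host)
    if reg == legit:
        return "legitimate"

    # The real name used as a subdomain of a domain the attacker controls,
    # e.g. 'www.asb.co.nz.example.net'.
    if ("." + legit + ".") in ("." + host + "."):
        return "mirrored_subdomain"

    # Lookalike registrable domain: the organisation label contains the real
    # label, or is within a small edit distance of it (heuristic threshold).
    if reg is not None:
        legit_label = legit.split(".")[0]
        reg_label = reg.split(".")[0]
        threshold = max(1, len(legit_label) // 4)
        if legit_label in reg_label or edit_distance(legit_label, reg_label) <= threshold:
            return "lookalike"

    return "unrelated"


if __name__ == "__main__":
    # Constructed sample links for a bank that (in this example) owns asb.co.nz.
    for link in [
        "https://www.asb.co.nz/login",
        "https://www.asb.co.nz.example.net/login",
        "https://asbbank.co.nz/",
        "https://www.asb.co.nz@example.net/",
        "https://example.net/",
    ]:
        print(f"{classify_link(link, 'asb.co.nz'):20s} {link}")
```

Anything other than `legitimate` is worth surfacing to the user or a mail filter; the lookalike test will also produce false positives for genuinely unrelated short names, so treat it as a warning rather than a verdict.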
The aim of the fraud is to obtain access codes to online transaction services or credit cards. The increase in such fraud has prompted additional security measures by online service providers.
In New Zealand, ASB Bank has implemented a system requiring the account holder to confirm their identity by TXT/SMS or telephone to complete high-value transactions.
the technical and psychological backgrounds behind why phishing works.
2007: A user study which gauges reactions to a variety of common “trust indicators” – such as logos, third party endorsements, and padlock icons – over a selection of authentic and phishing stimuli.