Click any word in a definition or example to find the entry for that word
the criminal activity of persuading people to give personal information such as passwords and credit card details by directing them to a fake website which has been made to look exactly the same as the website of a legitimate bank or other organisation
'"We arrested a 21-year-old man on suspicion of phishing, a scam where someone sends out emails purporting to come from a bank, on this occasion Smile," said an NHTCU spokeswoman …'Press Association 29th April 2004
'Phishers send emails which purport to be official notices from banks or retailers saying that an account needs to be updated or informing about a new product on sale …'The Guardian 30th April 2004
' … check your bank's website for more information on Internet security. If you think you have been phished, contact your bank immediately.'Straits Times, Singapore 29th May 2004
'Twelve arrested for laundering phished funds … 'news.zdnet.co.uk 5th May 2004
'Every internet user in Britain must have received a phish by now.'The Guardian 3rd June 2004
In recent months, a major new Internet crime wave has emerged. An increasing number of consumers are being conned into divulging financial information to fraudsters via the practice of phishing. An official-looking e-mail, allegedly from a bank, ISP, etc, is sent to potential victims, requesting updated personal information on some pretext or other, such as technical problems or internal accounting errors. Via a link in the e-mail message, the user is then directed to a web page which asks for financial information. The fake web page can look convincingly similar to a legitimate source, since any HTML page on the web can easily be copied and modified as necessary.
British police recently estimated that phishing crimes cost UK banks in the region of
British police recently estimated that phishing crimes cost UK banks in the region of £60 million during 2003, and in the United States the economic toll was even worse, costing American banks and credit card companies an estimated $1.2 billion.
The noun phishing typically appears in compound phrases such as a phishing scam/e-mail, and the countable noun phisher has been coined to refer to perpetrators of the crime. There are two phish homographs: a transitive verb usually used in the passive as in you've been phished! – i.e. 'you have fallen victim to a phishing scam' – and a countable noun most commonly used to refer to the e-mail that triggers the deception. A participle adjective phished is also quite common, as in phished e-mail/site/data.
The term phishing has been around in computer hacker culture since the mid-1990s, where it originally referred more generally to the practice of acquiring password information in order to infringe security barriers. Its use specifically in the context of Internet-based financial crimes is more recent. The word is derived from a deliberate misspelling of fish in its verbal sense of trying to obtain information. The analogy of 'trying to catch (a fish)' is often carried over as well. For instance, the use of phish as a noun to refer to the e-mail which tricks the victim is related to the idea of fish as 'bait'. Discussions of the practice often also include fishing references such as phishing lines, a phishing expedition, get caught/hooked by a phish.
This article was first published on 7th August 2004.