act of sending e-mail that purports to be from a reputable source, such as the recipient's bank or credit card provider, and that seeks to acquire personal or financial information. The name derives from the idea of “fishing” for information.

In phishing, typically a fraudulent e-mail message is used to direct a potential victim to a World Wide Web site that mimics the appearance of a familiar bank or e-commerce site. The person is then asked to “update” or “confirm” their accounts, thereby unwittingly disclosing confidential information such as their Social Security number or a credit-card number. In addition to or instead of directly defrauding a victim, this information may be used by criminals to perpetrate identity theft, which may not be discovered for many years.

In 2007, according to Gartner, Inc., an American technology research company, 8.5 billion phishing e-mails were sent out globally each month, the total number of victims for the year was about 3.2 million, and their losses were in excess of $3.6 billion. According to the global Anti-Phishing Working Group, the number of phishing Web sites doubled between 2007 and 2008 to more than 6,500.