Phishing

Phishing is similar to fishing in a lake, but instead of trying to capture fish, phishers attempt to steal your personal information. They send out e-mails that appear to come from legitimate websites such as eBay, PayPal, or other banking institutions. The e-mails state that your information needs to be updated or validated and ask that you enter your username and password, after clicking a link included in the e-mail. Some e-mails will ask that you enter even more information, such as your full name, address, phone number, social security number, and credit card number. However, even if you visit the false website and just enter your username and password, the phisher may be able to gain access to more information by just logging in to you account.

Phishing is a con game that scammers use to collect personal information from unsuspecting users. The false e-mails often look surprisingly legitimate, and even the Web pages where you are asked to enter your information may look real. However, the URL in the address field can tell you if the page you have been directed to is valid or not. For example, if you are visiting an Web page on eBay, the last part of the domain name should end with "ebay.com." Therefore, "http://www.ebay.com" and "http://cgi3.ebay.com" are valid Web addresses, but "http://www.ebay.validate-info.com" and "http://ebay.login123.com" are false addresses, which may be used by phishers. If URL contains an IP address, such as 12.30.229.107, instead of a domain name, you can almost be sure someone is trying to phish for your personal information.

If you receive an e-mail that asks that you update your information and you think it might be valid, go to the website by typing the URL in your browser's address field instead of clicking the link in the e-mail. For example, go to "https://www.paypal.com" instead of clicking the link in an e-mail that appears to come from PayPal. If you are prompted to update your information after you have manually typed in the Web address and logged in, then the e-mail was probably legitimate. However, if you are not asked to update any information, then the e-mail was most likely a spoof sent by a phisher.

Most legitimate e-mails will address you by your full name at the beginning of the message. If there is any doubt that the e-mail is legitimate, be smart and don't enter your information. Even if you believe the message is valid, following the guidelines above will prevent you from giving phishers your personal information.

Updated 2006

Definitions by TechTerms.com

The definition of Phishing on this page is an original TechTerms.com definition. If you would like to reference this page or cite this definition, you can use the green citation links above.

The goal of TechTerms.com is to explain computer terminology in a way that is easy to understand. We strive for simplicity and accuracy with every definition we publish. If you have feedback about the Phishing definition or would like to suggest a new technical term, please contact us.

Want to learn more tech terms? Subscribe to the daily or weekly newsletter and get featured terms and quizzes delivered to your inbox.

Sign up for the free TechTerms Newsletter

How often would you like to receive an email?

You can unsubscribe or change your frequency setting at any time using the links available in each email.

Questions? Please contact us.