Prevalence

Phishing is a variation on the word fishing. Criminals "phish" for personal information by setting out hooks and hoping that some recipients of their fraudulent emails will take the bait.

Phishers use any number of different social engineering and e-mail spoofing ploys to try to trick their victims. In a recent case before the Federal Trade Commission (FTC), a 17-year-old male sent out messages purporting to be from America Online that said there had been a billing problem with recipients' AOL accounts. The perpetrator's e-mail used AOL logos and contained legitimate links. If recipients clicked on the "AOLBillingCenter" link, however, they were taken to a spoofed AOL Web page that asked for personal information, including credit card numbers, personal identification numbers (PINs), social security numbers, banking numbers, and passwords. Some recent phishing scams even play off of victims' fear of identity theft, asking them to login to learn more about recent attempts to steal personal information.

By all accounts, phishing attacks are increasingly prevalent and are accelerating in quantity and sophistication. In July 2003, the FBI called phishing the "hottest, and most troubling, new scam on the Internet." The Anti-Phishing Working Group currently estimates that 75 million to 150 million phishing emails are sent every day.