Phishing is a form of social engineering, characterized by attempts to fraudulently acquire sensitive information (such as passwords and credit card details) by masquerading as a trustworthy source in an apparently official electronic communication. The term "phishing" arises from the use of increasingly sophisticated lures to "fish" for a user's financial information and passwords.
Phishing attempts can be very deceiving. You may receive an email that appears to be from a reputable company saying "click here to respond to this message" or "click here to update your account information." You may also receive something that is a bit more suspicious such as "You have just won a European vacation!" In reality, these emails just want you to go to a website and enter in personal information so that the people who sent you the message can either steal your identity or gain access to your accounts for use in fraudulent activities.
Phishing example
A sophisticated and convincing phishing email previously circulated campus with the subject line "[UCANet-L] (Action Required): Email Encryption Service." This was not a legitimate email. The body of the email is below.
Dear Colleagues: In order to encrypt the database platform,we have scheduled a maintenance window to perform the necessary work. Please note that all email accounts need to be verified. The support service desk will be upgrading to latest anti-spam version. You are required to login using the link provided below to avoid account deletion and losing all information on your mailbox. For email encryption, please visit uca.edu/ist/email-encryption. Division of Information Systems & Technology
That link took users to a fraudulent login page, where those who entered their username and password in the page would give away their credentials unknowingly.
External links
For more information about phishing, see the following resources: