About Phishing

What is phishing?

From the Wikipedia definition:

Phishing is attempting to acquire information (and sometimes, indirectly, money) such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication.

Why is it called "phishing"?

The term "phishing" is, obviously, derived from "fishing", to reflect how email messages are sent as bait in the hope that someone will bite and get caught.

The "ph" part is a common hackerism: replacing f's with ph's. See the Jargon File for more information.

How does phishing work?

Because of the way that web browsers work, the text that appears as a clickable link does not have to match where the link goes. This lets the phisher create links like this one that can have any text in them. Unfortunately, this also means that they can create links like this one: "http://www.paypal.com". This link appears to go to the PayPal site, but it actually goes to our help page.

Phishers create a website that looks authentic. Then they send out a lot of email that pretends to be from the real site. By using forged links, phishers misdirect you to their own site to try to steal your personal information.
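The mismatch between a link's text and its destination can be checked mechanically. The following is an added example, not this service's own detection code: it parses an HTML message body and reports links whose visible text names a different host than the href. The function name mismatched_links, the subdomain allowance and the sample hosts (help.example.test stands in for the help page) are assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that is itself a URL or bare host name, e.g. "http://www.paypal.com".
HOSTLIKE = re.compile(r"^(?:https?://)?[a-z0-9-]+(?:\.[a-z0-9-]+)+(?:[:/?#]\S*)?$", re.I)

def _host(value):
    """Host part of a URL or bare host, lower-cased, without a leading 'www.'."""
    try:
        host = urlsplit(value if "://" in value else "//" + value).hostname or ""
    except ValueError:  # malformed authority, e.g. an unclosed '['
        return ""
    return host[4:] if host.startswith("www.") else host

class LinkAuditor(HTMLParser):
    """Collects (visible text, href) for anchors whose text names another host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown, href, self.href = "".join(self.text).strip(), self.href, None
        if not (HOSTLIKE.match(shown) and href.lower().startswith(("http://", "https://"))):
            return
        claimed, target = _host(shown), _host(href)
        # A subdomain of the displayed host is accepted to limit false positives.
        if target and target != claimed and not target.endswith("." + claimed):
            self.findings.append((shown, href))

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample; help.example.test stands in for the page's help-page link.
SAMPLE = ('<a href="http://example.org/">this one</a> '
          '<a href="https://www.paypal.com/signin">paypal.com</a> '
          '<a href="http://help.example.test/phishing">http://www.paypal.com</a>')

if __name__ == "__main__":
    print(mismatched_links(SAMPLE))
```

Links with ordinary wording such as "this one" are not reported, because their text makes no claim about the destination. Legitimate mail that routes links through a tracking or redirect host will still be flagged by a check like this.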

How did they get my email address?

Like most spammers, phishers have either built up lists by scanning websites, mailing lists, etc., or they just try a lot of random email addresses and hope to get lucky.

You seem to be catching too many legitimate URLs. Can I turn the phishing detection off?

Yes. Just go to the Options screen, go to the Account Preferences screen and then uncheck the Phishing Protection checkbox.

Is there any other phishing information that you would recommend reading?

There are many good external resources about phishing. Here are just a few: