Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication.

Example: A hacker sends out an email that directs users to a login page that collects usernames and passwords. The page may even send the user on to the legitimate website.

Defense: Users can be educated to be more suspicious.
Users can run anti-phishing software, which is often part of their antivirus package.
Websites can be designed so that it is obvious to a user when they are not on the “real” website.

No ‘Phishing’: Banks Try to Sink Scammers (2.5B spent on anti-phishing last year)
Under the Hood: Banking Malware (How it’s done videos)
Fresh Phishing Scam Pretending to be Halifax Bank Detected
Fraudulent ‘ACH and Wire transfers’ E-Mails (Phishing using the FDIC)