What is Phishing?
Internet Marketing Dictionary | Phishing

Phishing is a process used by internet fraudsters to get log in details for bank accounts etc. by sending out emails that look as though they come from a genuine business that invite the reader to log in to their account to update or confirm their username or password etc.

Typically an email would be created to look as though it came from a bank. So, for example, it would include images of the bank's logo, and other branding features so that it looked exactly like you would expect an email from the bank to look like.

Included in the phishing email would be a link that was also designed to look like a genuine link to the bank or credit card company etc.

However, when you click that link you actually get taken to a fraudulent website that looks like the real thing but which in fact is controlled by fraudsters.

On this website would be the standard log in forms to fill in and if you fill them in, your log in details go straight to the fraudsters own systems. This means that they can then use these to access your real account and steal money from you.

One way of spotting a phishing email is to look at the source code of the email and see the actual web address of any links. In many phishing emails these addresses look genuine enough but there are always one or two that take you to the phishing site.

For example, a phishing email may contain links to your bank's website in order to display the bank's logo in your email. But the links to your log in page will actually be links to a fraudster's website.

To make this even more confusing, these fraudster links are often constructed so that they look genuine at first site. To give you an example, suppose you bank with Citibank. You might expect to see a link with citibank.com in it such as this one: http://www.citibank.com.fraudsterssite.cn. But that link would actually take you to the website fraudstersite.cn and not Citibank's website.

The key way you can protect yourself from phishing is always to navigate directly to your bank's website and never click a link in an email - no matter how genuine it appears to be.