What Does Phishing Mean?

Phishing is a security exploit in which a perpetrator impersonates a legitimate business or reputable person in order to acquire private and sensitive information, such as credit card numbers, personal identification numbers (PINs) and passwords.


Phishers use social engineering techniques to fool email recipients and Web users into believing that a spoofed email or website is legitimate and genuine. In reality, the victim discovers only later that their personal identity and other vital information have been stolen and exposed.

Techopedia Explains Phishing

Similar to fishing in a lake or river, phishing is computer lingo for fishing over the Internet for personal information. The term was first used in 1996, when the first phishing act was recorded.

Phishing uses email spoofing, link manipulation, image filter evasion and website forgery to fool Web users into thinking that a spoofed email or website is genuine and legitimate. Once the user enters vital information, they immediately become a phishing victim.

Types of Phishing Exploits

Popular types of phishing exploits include:

Spear Phishing – this type of phishing exploit targets a specific individual or small group.

Whaling – this type of phishing seeks to exploit a "very big fish" such as the Chief Executive Officer (CEO) or Chief Financial Officer (CFO) of a very large enterprise.

Smishing – this type of phishing exploit uses SMS text messages to communicate with the target.

Vishing – this type of phishing exploit is conducted by phone.

Preventing Phishing Attacks

Fortunately, phishing victimization is preventable. The following security precautions are recommended:

  • Never open unknown or suspicious email attachments.
  • Use updated computer security tools, such as anti-virus software and next-gen firewalls.
  • Never click on email links that request personal information.
  • Validate website URLs before clicking on them.
  • Verify the website's phone number before placing any calls to the phone number provided in an email.
  • Be suspicious of all phone calls requesting personally identifiable information (PII) or the transfer of funds from one account to another.