The term Phishing originates as a loose variant of the term 'fishing'. It is a practice that started in the mid 1990s that criminally attempts to 'fish' for information using sophisticated baits such as fake emails asking for personal information such as passwords.

Recently, many of these phishing scams come in the form of emails from banks asking for information. For example, a fake email claiming to originate from a certain bank requests the user to log in to update certain required information. From that email, the user is directed to a fake website that can look identical to the genuine bank website. The user's login and password is then captured when a naive user attempts to log in. This login and password is then used to transfer money out of the victims account.

An example of a phishing email:

Subject: YOUR DETAILS HAVE BEEN CHANGED!

Dear Customer,
This message has been sent to you by Visa Security Program.

You've specified this e-mail as reachable with your credit card online transaction (your credit card details are not shown here for security reasons).
We notify you that your level of authorization has been altered during your last transaction of AUD 107.40 together with the service fee
of AUD 24.00. (26 SEPT 2006)
You can check details in the attachment.

If you believe there was a mistake please report this to Verified by Visa by replying this email.

Regards
VISA TechSupport

______________________________________________________________

In thre foregoing example, the scammer attempts to mimic an email from the credit card company Visa. If an unknowing reader decides to reply to this email, the response would go to the scammer's email account and the victim would be manipulated into revealing personal details such as the credit card number and expiry date. Usually, email addresses / web addresses shown in such messages are masked in a way that it appears to be legitimate, but when the reader clicks on it, they are led to a different email/website that is fraudulent.