Phishing is the act of sending email to a user while falsely claiming to be an established legitimate enterprise, and done in an attempt to scam the user into surrendering private information that will be used for identity theft. The phishing email directs the user to visit a website where they are asked to update personal information (such as passwords or credit card, social security, and bank account numbers) that the legitimate organization already has. The website, however, is bogus and set up only to steal the user’s information.
For example, 2003 saw the proliferation of a phishing scam in which users received emails supposedly from eBay claiming that the user’s account was about to be suspended unless he clicked on the provided link and updated the credit card information that the genuine eBay already had. Because it is relatively simple to make a website look like a legitimate organization's site by mimicking the HTML code, the scam counted on people being tricked into thinking they were actually being contacted by businesses, and they were subsequently going to business site to update their account information. By spamming large groups of people, the “phisher” counted on the email being read by a percentage of people who actually had listed credit card numbers with businesses legitimately.
Phishing, also referred to as brand spoofing or carding, is a variation on “fishing,” the idea being that bait is thrown out with the hopes that while most will ignore the bait, some will be tempted into biting.
The most heinous form of phishing, when victim computer's settings are modified and hijacked is called “Pharming”. In case of pharming, identity theft criminals use spyware and Trojan viruses to redirect you to their websites when you try to access your bank's website.