Phishing (pronounced "fishing") is a scam to steal valuable information such as credit card and Social Security numbers, user IDs, and passwords. In phishing, also known as "brand spoofing," an official-looking e-mail is sent to potential victims pretending to be from their Internet Service Provider, credit union, bank, or retail establishment. E-mails can be sent to people on selected lists or on any list, and the scammers expect some percentage of recipients will actually have an account with the real organization.
Landline telephone vishing and VoIP vishing (Voice over Internet Protocol vishing), also called "voice phishing," is the voice counterpart to phishing. Instead of being directed by e-mail to a website, an e-mail message asks the user to make a telephone call. The call triggers a voice response system that asks for the user's card number or other personal or financial information. The initial bait can also be a telephone call with a recording that instructs the user to phone an 800 number or another area code within or outside of the United States. In either case, because people are used to entering card numbers over the phone, this technique can be effective.
Text Message Smishing
Smishing (SMS phISHING) is the mobile phone counterpart to phishing. Instead of being directed by e-mail to a website, a text message is sent to the user's cell phone or other mobile device with some ploy to click on a link. The link causes a Trojan to be installed in the cell phone or other mobile device.
Mail Letter Phishing
This scam occurs where the phisher is creating a letter and sending it through the mail to individuals to respond to the letter by calling a phone number. The phisher outlines in the letter that the individual must respond for their own protection. This scam is used in conjunction with other channels to steal valuable personal and financial information of the individual receiving the letter.