Phishing is a way that criminals get sensitive information (like usernames or passwords). It is a method of social engineering. Very often, phishing is done by electronic mail. This mail appears to come from a bank or other service provider. It usually says that because of some change in the system, the users need to re-enter their usernames/passwords to confirm them. The emails usually have a link to a page that looks almost like that of the real bank.
Phishing grew by 42% in January of 2005: 8,829 e-mails with phishing were sent in December of 2004, but that grew to 12,845 by the end of January 2005.
The number of web pages with phishing grew from 1,740 to 2,560 in the same period.
Filter evasion
Some phishers started using pictures of text instead of normal text, to make it harder for anti-phishing filters to read the message. This sometimes works because the filters look for words often used in phishing emails/messages, and a filter that only reads text does not see words that are inside a picture. However, people have invented better filters that can still read the text using OCR (optical character recognition).
Some anti-phishing filters also use IWR (intelligent word recognition), which can read cursive, hand-written, upside-down, distorted (for example, wavy or stretched) text, as well as writing on colored backgrounds.
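The following is an added example, not part of the original article. It shows a simple word filter that also notices when an email has a picture but almost no text, and sends that email to OCR instead of letting it pass. The word list, the threshold and the function names are assumptions made up for this example.

```python
from email.message import EmailMessage

# Constructed word list; a real filter would use a much larger, weighted one.
PHISHING_WORDS = {"password", "username", "confirm", "verify", "account"}
MIN_TEXT_WORDS = 5  # assumed threshold: fewer words than this is "almost no text"

def visible_text(msg):
    """Join the text of every text part (text/plain, text/html) in the message."""
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    return " ".join(p.get_content() for p in parts)

def image_count(msg):
    """Count the picture parts in the message."""
    return sum(1 for p in msg.walk() if p.get_content_maintype() == "image")

def classify(msg):
    words = [w.strip(".,:;!?()").lower() for w in visible_text(msg).split()]
    hits = PHISHING_WORDS.intersection(words)
    if len(hits) >= 2:
        return "flag: phishing words"
    if image_count(msg) > 0 and len(words) < MIN_TEXT_WORDS:
        # The words may be inside the picture, so the word check saw nothing.
        return "send to OCR"
    return "pass"

def make_message(text, image_bytes=None):
    """Build a sample email, with an optional picture attached."""
    msg = EmailMessage()
    msg["Subject"] = "Notice"
    msg.set_content(text)
    if image_bytes is not None:
        msg.add_attachment(image_bytes, maintype="image", subtype="png",
                           filename="notice.png")
    return msg

# Constructed sample messages (the image bytes are a stand-in, not a real picture).
FAKE_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
TEXT_PHISH = make_message("Please confirm your username and password.")
IMAGE_ONLY = make_message("See picture.", FAKE_PNG)
NORMAL = make_message("Here is the photo from our trip last week.", FAKE_PNG)

if __name__ == "__main__":
    for name, m in [("text", TEXT_PHISH), ("image", IMAGE_ONLY), ("normal", NORMAL)]:
        print(name, "->", classify(m))
```

The OCR step itself is not shown here. In a real filter, the text that OCR reads from the picture would go through the same word check.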