Word of the Week

by Kerry Maxwell, author of Brave New Words, with recordings by speechinaction

phishing noun [U] slashp-stressfishingslash
the criminal activity of persuading people to give personal information such as passwords and credit card details by directing them to a fake website which has been made to look exactly the same as the website of a legitimate bank or other organisation

phisher noun [C] slashp-stressfishschwarslash

phish verb [T], noun [C] slashfishslash

phished adj slashfishtslash

‘“We arrested a 21-year-old man on suspicion of phishing, a scam where someone sends out emails purporting to come from a bank, on this occasion Smile,” said an NHTCU spokeswoman …’
Press Association  29th April 2004

Phishers send emails which purport to be official notices from banks or retailers saying that an account needs to be updated or informing about a new product on sale …’
The Guardian  30th April 2004

‘ … check your bank's website for more information on Internet security. If you think you have been phished, contact your bank immediately.’
Straits Times, Singapore  29th May 2004

‘Twelve arrested for laundering phished funds …’
news.zdnet.co.uk  5th May 2004

‘Every internet user in Britain must have received a phish by now.’
The Guardian  3rd June 2004

In recent months, a major new internet crime wave has emerged. An increasing number of consumers are being conned into divulging financial information to fraudsters via the practice of phishing. An official-looking e-mail, allegedly from a bank, ISP, etc., is sent to potential victims requesting updated personal information on some pretext or other, such as technical problems or internal accounting errors. Via a link in the e-mail message, the user is then directed to a web page which asks for financial information. The fake web page can look convincingly similar to a legitimate source, since any HTML page on the web can easily be copied and modified as necessary.

British police recently estimated that phishing crimes cost UK banks in the region of £60 million during 2003, and in the United States the economic toll was even worse, costing American banks and credit card companies an estimated $1.2 billion.

The noun phishing typically appears in compound phrases such as a phishing scam/e-mail, and the countable noun phisher has been coined to refer to perpetrators of the crime. There are two phish homographs: a transitive verb usually used in the passive as in … you’ve been phished! - i.e. ‘you have fallen victim to a phishing scam’ - and a countable noun most commonly used to refer to the e-mail that triggers the deception. A participle adjective phished is also quite common, as in phished e-mail/site/data.

Background
The term phishing has been around in computer hacker culture since the mid-nineties, where it originally referred more generally to the practice of acquiring password information in order to infringe security barriers. Its use specifically in the context of internet-based financial crimes is more recent. The word is derived from a deliberate misspelling of fish in its verbal sense of trying to obtain information. The analogy of ‘trying to catch (a fish)’ is often carried over as well. For instance, the use of phish as a noun to refer to the e-mail which tricks the victim is related to the idea of fish as ‘bait’. Discussions of the practice often also include fishing references such as phishing lines, a phishing expedition, get caught/hooked by a phish.

Search the Web
phishing
phisher
phish

Search with WebCorp.
Search with Web Concordancer.

PREVIOUS WORD OF THE WEEK

This article was first published on 7th August 2004
Subject archive: technology - e-mail, technology - internet