ABSTRACT
Wikipedia defines phishing as “a criminal activity using
social engineering techniques. Phishers attempt to
fraudulently acquire sensitive information, such as
usernames, passwords and credit card details, by
masquerading as a trustworthy entity in an electronic
communication.” The Anti-Phishing Working Group (APWG)
defines phishing as a form of identity theft that employs
both social engineering and technical subterfuge to steal
consumers’ personal identity data and financial account
credentials. They further define technical subterfuge as
“a scheme to plant crimeware onto PCs to steal credentials
directly, often using key logging systems to intercept
consumers’ online account user names and passwords, and to
corrupt local and remote navigational infrastructures to
misdirect consumers to counterfeit Web sites and to
authentic Web sites through phisher-controlled proxies that
can be used to monitor and intercept consumers’ keystrokes.”