Phishing is the action of falsely presenting oneself online as a valid enterprise in order to trick consumers into giving up personal financial information that will be used for identity theft or other criminal activity. Phishing is most commonly performed through the form distribution of e-mail messages leading users to a web site. When phishing is performed via email, the criminal sends out a large number of messages that appear to come from a legitimate source such as a trusted business or financial institution. The emails include an urgent request for personal information to be submitted -- usually the phisher mentions that there is something critical that needs to be updated on the account immediately. A link is provided in the email message to an official-looking website where the information is actually entered by users; personal information provided to this site, however, goes directly to the criminal performing the phishing attack, and not to the valid business being impersonated.
Phishing is, therefore, a form of social engineering attack that exploits a human weakness; technology is used as means of communications.

​​