Often unscrupulous parties operate phishing scams to unlawfully take personal information, such as usernames, passwords, addresses, credit card information, and ultimately money by disguising themselves as a trustworthy entity. Unscrupulous parties often lure victims by electronic correspondence seemingly from financial institutions, social websites, auction websites, online payment processors, or IT administrators. Victims may receive emails with links to fake webpages that appear to be authentic. These fake webpages typically request the victim to verify information by entering personal information into various information requests on the website. In this way, the user will believe that a legitimate source requested this information, and the user will enter the requested information onto the fake webpage. The unscrupulous person can then unlawfully take this information and can, for example, access the user's credit card and unlawfully take money from the victim.
For companies that host accounts, such as financial institutions, it is very difficult to determine which users are being targeted by phishing scams and whether unscrupulous parties have taken user information because the victim often gives personal information directly to unscrupulous parties through phishing websites.