Phishing, commonly referred to as email spoofing, is the practice of attempting to misappropriate Internet users' passwords, financial or personal information, or introduce a virus attack, by masquerading as a creditable institution in an electronic communication. Phishing is often performed in combination with website spoofing, which is the technique of replicating an actual, well-known website. A common phishing technique involves luring unsuspecting Internet users to a spoofed website by using an authentic-looking email that appears to have been sent by the credible institution. For example, a phisher might send an email to customers of a credible institution, directing those customers to the spoofed website, which is a replica of the credible institution's actual website.
To appear authentic, the spoofed email and website may include actual images downloaded or otherwise obtained from the credible institution's website. For example, the spoofed email may instruct unsuspecting customers to login to their online account to update or confirm account information. The spoofed email may contain a link that, instead of directing users to the legitimate website, directs users to the spoofed website. There, users, because they believe the spoofed website is the legitimate website, willingly provide login details, such as username and password, and personal and financial information, such as credit card numbers, social security number, and mother's maiden name. Once this information is acquired, phishers may use customer information to create fake accounts. Phishers can then misappropriate large sums of money from financial institutions, while negatively affecting customers' credit.
There are several different techniques to combat phishing. For example, known anti-phishing software identifies phishing content contained in websites and emails, and notifies Internet users when spoofed websites and emails are masquerading as legitimate websites and emails. However, this type of software is not capable of identifying devices used to construct the spoofed websites and email, so that the phishers may be identified and successfully prosecuted.