Phishing, which is variant of the term fishing, is the act of attempting to acquire information such as usernames, passwords, and credit card details (and sometimes, indirectly, money) by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from businesses, popular social web sites, auction sites, online payment processors, or information technology (IT) administrators are commonly used to lure the unsuspecting public. Phishing e-mail messages may contain links to websites that are infected with malware. Phishing may occur by e-mail spoofing or instant messaging and often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to deceive users, and typically exploits the poor usability of web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures. Thus, it is desirable that the risk of phishing be reduced or eliminated.