In computing, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication.

An old method of spoofing used links containing the '@' symbol, originally intended as a way to include a username and password (contrary to the standard).[23] For example, the link http://www.somebank.com@members.tripod.com/ might deceive a casual observer into believing that it will open a page on www.somebank.com, whereas it actually directs the browser to a page on members.tripod.com, using a username of www.somebank.com: the page opens normally, regardless of the username supplied

Not all phishing attacks require a fake website. Messages that claimed to be from a bank told users to dial a phone number regarding problems with their bank accounts.[38] Once the phone number (owned by the phisher, and provided by a Voice over IP service) was dialed, prompts told users to enter their account numbers and PIN. Vishing (voice phishing) sometimes uses fake caller-ID data to give the appearance that calls come from a trusted organization.