Phishing, also referred to as brand spoofing (deception) or carding, is a variation on "fishing," the idea being that bait is thrown out in the hope that, while most will ignore the bait, some will be tempted into biting.
Creating a replica of an existing web page to fool a user into submitting personal, financial, or password data.
The act of sending an e-mail to a user falsely claiming to be an established legitimate enterprise in an attempt to scam the user into surrendering private information that will be used for identity theft. The e-mail directs the user to visit a web site where they are asked to update personal information, such as passwords and credit card, social security, and bank account numbers, that the legitimate organization already has. The web site, however, is bogus (forged) and set up only to steal the user's information…
The term phishing comes from the fact that internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the web page code from a major site, such as AOL, and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.
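
The replica-page behaviour described above can be checked from the defender's side by resolving where each form on a page actually submits and comparing that host with the organization's real domain. The following is an added example, not part of the original text; the function names, the `example.com` brand domain and the `.test` hosts are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample pages (not taken from any real site).
REPLICA = ('<form action="http://collector.test/save" method="post">'
           '<input name="user"><input type="password" name="pw"></form>')
GENUINE = ('<form action="/login" method="post">'
           '<input name="user"><input type="password" name="pw"></form>')


class FormCollector(HTMLParser):
    """Record each <form>'s action and whether it contains a password field."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._open = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._open = {"action": a.get("action") or "", "password": False}
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type") or "").lower() == "password":
                self._open["password"] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None


def host_in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host, domain = host.lower().rstrip("."), domain.lower()
    return host == domain or host.endswith("." + domain)


def suspicious_forms(html, page_url, brand_domain):
    """Return (resolved_action_url, asks_for_password) for every form
    whose submission would leave brand_domain."""
    parser = FormCollector()
    parser.feed(html)
    flagged = []
    for form in parser.forms:
        # A relative or empty action resolves against the page's own URL.
        target = urljoin(page_url, form["action"])
        host = urlparse(target).hostname or ""
        if not host_in_domain(host, brand_domain):
            flagged.append((target, form["password"]))
    return flagged
```

Because a relative form action resolves against the page's own URL, an exact copy of the genuine page is still flagged when it is served from a host outside the brand's domain.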