Phish, or Phishing, is a rapidly growing form of fraud that seeks to fool web users into divulging private information by mimicking a legitimate website.

In a typical scenario, an unsuspecting user gets an urgent sounding (and authentic looking) email telling him or her there is a problem with their account that they must immediately fix, or the account will be closed. The email will include a URL to a website that looks exactly like the real thing (it is simple to copy a legitimate email and a legitimate website but then change the so-called back-end—where the collected data is actually sent.

The email tells the user to log on to the site and confirm some account information. Any data entered at the site is directed to a malicious hacker who steals the log on name, password, credit card number, social security number, or whatever data s/he requests.

Phish fraud is fast, cheap, and easy to perpetuate. It is also potentially quite lucrative for those criminals who practice it. Phish is hard for even computer-savvy users to detect. And it is hard for law enforcement to track down. Worse, it is almost impossible to prosecute.