Phishing attacks use email messages and web sites designed to look as if they come from a known and legitimate organization, in order to deceive users into disclosing personal, financial, or computer account information. The attacker can then use this information for criminal purposes, such as identity theft, larceny, or fraud. Users are tricked into disclosing their information either by providing it through a web form or by downloading and installing hostile software.

A phishing attack succeeds when a user is tricked into believing they're interacting with a legitimate company and thus takes actions that have effects contrary to the user's intentions. Usually this involves giving away a user's name and password.

Once the fraudster obtain this compromising, private information; they access the account to perform fraudulent activities, such as transferring the balance of a checking account to an external account.