phishing

Phishing is a form of computer and internet fraud in which the defrauder attempts to obtain sensitive information, such as passwords, financial data, or protected or personally identifiable information, by impersonating a legitimate entity through electronic communications. These schemes typically use fraudulent emails, messages, or websites crafted to appear as though they come from a familiar, trusted organization, thereby inducing recipients to disclose confidential information or to follow links that lead to attacker-controlled sites.

There are several variations of phishing. Smishing is phishing conducted through SMS text messages. Vishing is phishing conducted by telephone, often using caller-ID spoofing or internet-based (VoIP) calling so that the call appears to come from a legitimate source. Spear phishing targets specific individuals or organizations using tailored, personalized information gathered about the target. Whaling is a form of spear phishing aimed at high-level executives or other senior officials.
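As an added illustration, not part of this Wex entry, the following Python script scans a constructed email for the impersonation signs the definition describes: a display name invoking a brand whose domain the sender address does not belong to, link text that shows one site while the link points to another, a trusted domain used as a subdomain of an attacker-controlled domain, a typosquatted domain, and punycode (internationalized) hostnames. Everything in it is made up: examplebank.com is the assumed legitimate domain, the message is fabricated, and registrable-domain extraction is simplified to the last two labels (real code would consult the Public Suffix List).

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample data; examplebank.com is the assumed legitimate domain.
TRUSTED_DOMAINS = {"examplebank.com"}
SAMPLE_FROM_NAME = "ExampleBank Security"
SAMPLE_FROM_ADDR = "alerts@examp1ebank.com"            # digit 1 for letter l
SAMPLE_BODY = """
<p>Your account is locked. Verify now:</p>
<a href="http://examplebank.com.login-verify.net/reset">https://www.examplebank.com/reset</a>
<a href="https://xn--exmplebank-8rc.com/">Help center</a>
<a href="https://www.examplebank.com/help">Help</a>
"""


def registrable(host):
    """Last two labels of a hostname (simplified registrable domain; an assumption here)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def levenshtein(a, b):
    """Edit distance, used to catch one- or two-character typosquats."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def host_indicators(host, trusted):
    """Return indicator names for one hostname measured against the trusted domains."""
    host = host.lower()
    found = []
    if any(label.startswith("xn--") for label in host.split(".")):
        found.append("punycode-host")        # IDN label; may be a homograph of a brand
    reg = registrable(host)
    for t in trusted:
        if reg == t:
            continue                          # genuinely on the trusted domain
        brand = t.split(".")[0]
        if t in host:
            found.append("trusted-domain-as-subdomain")   # examplebank.com.evil.net
        elif brand in reg:
            found.append("brand-in-other-domain")         # examplebank-secure.net
        elif levenshtein(reg, t) <= 2:
            found.append("typosquat")                     # examp1ebank.com
    return found


class LinkCollector(HTMLParser):
    """Collects (href, visible text) pairs from anchor tags."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def phishing_indicators(from_name, from_addr, html_body, trusted):
    """Collect impersonation indicators from the sender fields and every link in the body."""
    indicators = []
    sender_host = from_addr.rsplit("@", 1)[-1].lower()
    for kind in host_indicators(sender_host, trusted):
        indicators.append((kind, sender_host))
    # Display name invokes a trusted brand while the address is not on that brand's domain.
    name_norm = re.sub(r"[^a-z0-9]", "", from_name.lower())
    for t in trusted:
        if t.split(".")[0] in name_norm and registrable(sender_host) != t:
            indicators.append(("display-name-mismatch", from_addr))
    parser = LinkCollector()
    parser.feed(html_body)
    for href, text in parser.links:
        href_host = urlparse(href).hostname or ""
        for kind in host_indicators(href_host, trusted):
            indicators.append((kind, href))
        # Visible text is itself a URL but points somewhere else.
        text_host = urlparse(text).hostname if text.startswith(("http://", "https://")) else None
        if text_host and registrable(text_host) != registrable(href_host):
            indicators.append(("link-text-host-mismatch", href))
    return indicators


if __name__ == "__main__":
    for kind, detail in phishing_indicators(SAMPLE_FROM_NAME, SAMPLE_FROM_ADDR, SAMPLE_BODY, TRUSTED_DOMAINS):
        print(f"{kind:30} {detail}")
```

The legitimate third link produces no indicator, which is the check that matters most in practice: heuristics like these belong in a scoring pipeline alongside SPF/DKIM/DMARC results and URL reputation, not as a standalone verdict.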

Phishing-related conduct is addressed through a combination of federal and state laws, including statutes governing fraud (such as the federal wire fraud statute, 18 U.S.C. § 1343), identity theft (18 U.S.C. § 1028), and computer crime (the Computer Fraud and Abuse Act, 18 U.S.C. § 1030). Some jurisdictions have enacted laws specifically targeting phishing. For example, the California Anti-Phishing Act of 2005, codified at Business and Professions Code §§ 22948–22948.3, prohibits using a web page, email, or other internet communication to solicit identifying information by falsely representing oneself as a business without that business's authority, and provides civil remedies for those harmed. An internet service provider, web page owner, or trademark owner adversely affected by a violation may recover actual damages or $500,000 per violation, whichever is greater, while an individual who is adversely affected may recover actual damages or $5,000 per violation, whichever is greater.

See also: ABA - Scams and Phishing Attacks Powered by AI, and Office of the Comptroller of the Currency - Phishing Attack Prevention: How to Identify & Avoid Phishing Scams.

[Last reviewed in April of 2026 by the Wex Definitions Team]

Wex