Table 1 Definitions of phishing from four dictionaries and the APWG

From: Achieving a consensual definition of phishing based on a systematic review of the literature

| Source | Definition |
| --- | --- |
| Oxford University Press ([2014]), UK | The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers, online. |
| Collins English Dictionary ([2013]), UK | The practice of using fraudulent e-mails and copies of legitimate websites to extract financial data from computer users for purposes of identity theft. |
| Merriam-Webster ([2013]), USA | A scam by which an e-mail user is duped into revealing personal or confidential information which the scammer can use illicitly. |
| American Heritage Dictionary ([2013]), USA | To request confidential information over the Internet or by telephone under false pretenses in order to fraudulently obtain credit card numbers, passwords, or other personal data. |
| Anti-Phishing Working Group ([2013]) | Phishing is a criminal mechanism employing both social engineering and technical subterfuge to steal consumers’ personal identity data and financial account credentials. Social engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies, designed to lead consumers to counterfeit websites that trick recipients into divulging financial data such as usernames and passwords. Technical subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using systems to intercept consumers online account user names and passwords – and to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher-controlled proxies used to monitor and intercept consumers’ keystrokes). |