Phishing is an malicious technique used by viruses or hackers to fool people into using their username and passwords. How these work is that A creates B which mimics Facebook. C ends up on B which looks to be Facebook to C, and ends up entering his username and password. A acquires C's userdata from B and thus A has stolen C's user credientials for Facebook.
Why It's Rotten In General
- They are used to fool people, by making them think they're on a legitimate website.
- It can be pretty easy to tell that it's a phishing site if the urls are DIFFERENT, but hackers with the right knowledge can make a phishing site that uses the right symbols to match the actual url's name without overlapping. It takes a miracle of text modification to be able to make a subject be fooled as well
- Even with a good filter, most of these phishing sites have dynamic url names, which means they could be everywhere and changing domain names. For example, Firewall blocks Phish 1, but Phish 1 spoofs url to Phish 2, Firewall goes on to block Phish 2, but Phish 2 changes again and again. They often at times have non-static IP addresses.