"Phishing is a criminal mechanism employing both social engineering and technical subtefuge to steal consumers' personal identity data and financial account credentials. Social-engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies to lead consumers to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords.

Social-engineering schemes use spoofed e-mails purporting to be from legitimate businesses and agencies to lead consumers

to counterfeit websites designed to trick recipients into divulging financial data such as usernames and passwords.

Technical-subterfuge schemes plant crimeware onto PCs to steal credentials directly, often using systems to intercept consumers' online account usernames and passwords - and to corrupt local navigational infrastructures to misdirect consumers to counterfeit websites (or authentic websites through phisher-controlled proxies used to monitor and intercept consumers' keystrokes)."*