The word phishing comes from the analogy that Internet scammers are using email lures to 'fish' for passwords and financial data from the sea of Internet users.
Phishing, also called "brand spoofing" is the creation of email messages and Web pages that are replicas of existing, legitimate sites and businesses. These Web sites and emails are used to trick users into submitting personal, financial, or password data. These emails often ask for information such as credit card numbers, bank account information, social insurance numbers, and passwords that will be used to commit fraud.
The go al of criminals using brand spoofing is to lead consumers to believe that a request for information is coming from a legitimate company. In reality it is a malicious attempt to collect customer information for the purpose of committing fraud.