When it began: The first well-known mention of phishing was in newsgroup called alt.2600 hacker newsgroup in January 1996, though it probably showed up earlier in a hacker newsletter called “2600.”

What it is: Phishing attempts to trick Internet users into divulging their personal information for use or resale by criminals who can profit from the information. Originally delivered through crude typo-ridden e-mails, phishing has matured into a range of sophisticated methods that are cable of fooling even experienced computer users (social engineering is the clinical term for this kind of trickery). For example, e-mails may contain the snazzy logos and the exact language used on websites of respected financial institutions or electronic commerce retailers. These emails link to websites that look just like the real thing. They may also contain personal or account information gleaned from other sources. Phishing has become so successful that it has been adopted by organized crime around the world as a new channel for theft, extortion and blackmail, according to security vendor RSA.

Variants of phishing include:

Vishing: Computer users are cajoled into calling a phone number to give up their personal information directly to a waiting criminal.

Spear phishing: Criminals obtain access to a corporate network or social networking site, and obtain e-mail addresses of people familiar to the potential victim and create messages that purport to come from direct bosses, HR departments or close friends.

Pharming: Criminals manipulate legitimate websites or use tools to redirect traffic to bogus sites that collect victims' information or take over their machines.

Responses: IP address blacklists; Bayesian content filters; content heuristics engines; content fingerprinting schemes augmented by sender authentication; anti-virus software; network monitoring; teaching computer users not to click on communications or software that they are not expecting to receive.