U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Computer Security Resource Center

Computer Security Resource Center

This is an archive
(replace .gov by .rip)
    Glossary
A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

phishing

Definition(s):

  A technique for attempting to acquire sensitive data, such as bank account numbers, through a fraudulent solicitation in email or on a web site, in which the perpetrator masquerades as a legitimate business or reputable person.
Source(s):
NIST SP 800-12 Rev. 1 under Phishing from IETF RFC 4949 Ver 2
CNSSI 4009-2015 [Superseded] from IETF RFC 4949 Ver 2

  Tricking individuals into disclosing sensitive personal information through deceptive computer-based means.
Source(s):
NIST SP 800-150 under Phishing from NIST SP 800-88 Rev. 1
NIST SP 800-45 Version 2 under Phishing
NIST SP 800-83 Rev. 1 under Phishing

  A digital form of social engineering that uses authentic-looking—but bogus—e-mails to request information from users or direct them to a fake Web site that requests information.
Source(s):
NIST SP 800-115 under Phishing

  Using social engineering techniques to trick users into accessing a fake Web site and divulging personal information.
Source(s):
NIST SP 800-44 Version 2 under Phishing

  Tricking individuals into disclosing sensitive personal information by claiming to be a trustworthy entity in an electronic communication (e.g., internet web sites).
Source(s):
NIST SP 800-82 Rev. 2 under Phishing

  An attack in which the Subscriber is lured (usually through an email) to interact with a counterfeit Verifier/RP and tricked into revealing information that can be used to masquerade as that Subscriber to the real Verifier/RP.
Source(s):
NIST SP 1800-21B under Phishing from NIST SP 800-63-3
NIST SP 800-63-3 under Phishing
NIST SP 800-63-2 [Superseded] under Phishing

  An attack in which the subscriber is lured (usually through an email) to interact with a counterfeit verifier or relying party and tricked into revealing information that can be used to masquerade as that subscriber to the real verifier or relying party.
Source(s):
NIST SP 1800-17b under Phishing

  Deceptive computer-based means to trick individuals into disclosing sensitive personal information.
Source(s):
NIST SP 800-114 [Superseded] under Phishing

  Using fraudulent e-mails and Web sites that look very similar to the legitimate sources with the intent of committing financial fraud.
Source(s):
NIST SP 800-69 [Withdrawn] under Phishing