Saturday, November 22, 2008

goin' phishing - the signaling involved

"Phishing" occurs when a criminal attempts to gather personal information about a potential victim by using some type of familiar "lure".  Pervasive on the web, phishing often involves seemingly legitimate emails from legitimate retailers.  However, in a phishing scenario, this innocuous-looking email does not link back to the real retailer's site, but to a criminal's site, thus allowing for the collection of data.  Additional information about phishing can be found online, but this entry is focused on the signaling that must occur for phishing to be successful.

Very similar to the "fishing" many enjoy today, "phishing" requires a criminal to create a false perception of reality.  If the "bait" (in this case an email from an online retailer requesting username/password information) is too unexpected, people will recognize it as suspicious and often ignore the bait.  Thus the target victim is not convinced by the signal created by the phisher.  

However, the successful phishers are painstaking in their work.  They often create a sense of urgency (by requesting immediate action or "else"), which can cause unsuspecting individuals to gloss over the mental decision points and simply react.  This attempt to compel the victim may even come in the form of a mild threat ("If you don't reply now, your access to the site will be denied", etc.).  Given this scenario, one should immediately question why a retailer would threaten to cut off a potential paying customer.  Granted, the threat (by its definition) must be costly for both parties, but is there not a way for the retailer to find a "win-win" solution?  Thus, when faced with this tactic, one must immediately assume the communication is fraudulent and an attempted phishing scheme.

Unfortunately, phishing will be with us for the foreseeable future.  As individuals, our ability to recognize the attempted signaling involved with phishing and to question any potential threats will keep us safe from these attacks.
