The act of sending an e-mail to a user falsely claiming to be an
established legitimate enterprise in an attempt to scam the user into
surrendering private information that will be used for identity theft.
The e-mail directs the user to visit a Web site where they are asked to
update personal information, such as passwords and credit card, social
security, and bank account numbers, that the legitimate organization
already has. The Web site, however, is bogus and set up only to steal
the user's information.