From Wikipedia: phishing is "the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication."
Phishing is usually implemented via email or instant messaging but any electronic messaging system may be used, e.g. Twitter. Phishing emails are usually spammed (sent via bulk, unsolicited email) or could be targeted to a specific organization or group. After obtaining usernames and passwords, cyber criminals could impersonate the owner of the compromised account, steal confidential information, send more spam, and commit other criminal activities.
If you receive phishing email (which may look authentic and legitimate) requesting sensitive information (e.g. usernames, passwords, email addresses, bank account numbers, date of birth, etc.):
After a targeted phishing email is reported, Information Technology Services (ITS) may choose to implement protective measures such as:
Please go to http://www.hawaii.edu/its under the Security Alerts section to check for the latest phishing attacks targeting UH usernames.
If you would like to receive phishing notices by email, go to http://www.hawaii.edu/its/notices/index.php and subscribe to our phishing-alert email list.
What is ITS doing about spam?
What can I do about spam?
Spam at the University of Hawaii
Security (or lack of it) on the Internet (Spam and Phishing)