“Phishing” is a form of Internet fraud that aims to steal valuable information such as credit cards, social security numbers, user IDs and passwords. A fake website is created that is similar to that of a legitimate organisation, typically a financial institution such as a bank or insurance company. An email is sent requesting that the recipient access the fake website (which will usually be a replica of a trusted site) and enter their personal details, including security access codes. The page looks genuine, because it is easy to fake a valid web site. Any HTML page on the web can be modified to suit a phishing scheme. Phishing e-mails are often sent to large lists of people, expecting that some percentage of the recipients will actually have an account with the real organisation. The term comes from "fishing," where bait is used to catch a fish. In phishing, e-mail is the bait.