Phishing operates by sending forged e-mail, impersonating an online bank, auction or payment site; the e-mail directs the user to a forged web site which is designed to look like the login to the legitimate site but which claims that the user must update personal info. The information thus stolen is then used in other frauds, such as theft of identity or online auction fraud.

A number of malicious "Trojan horse" programmes have also been used to snoop on Internet users while online, capturing keystrokes or confidential data in order to send it to outside sites.