What is JavaScript phishing?
Simply put, phishing is an attempt to acquire sensitive information, such as usernames, passwords, and credit card details, by masquerading as a trustworthy entity in electronic communication.
Phishing can be carried out in many ways, for example via cross-site scripting and cross-site request forgery, which we covered in Chapter 3, Cross-site Scripting, and Chapter 4, Cross-site Request Forgery. It does not necessarily take place only in your web browser; it can also start from your e-mail (e-mail spoofing) or even via instant messaging.
Phishing works through deception and, sometimes, mischief. In this final chapter, we will learn about the various ways in which JavaScript phishing works and the basics of defending against them.