The hook part of a phishing scam is the email or page containing a link requesting the user's personal information. This link typically directs the user to a site made to look like a commonly used resource, such as Amazon, eBay or Facebook, in the hopes that the user will trust it as a secure connection and enter his information.
Phishing emails often take the form of communications that appear to be from popular websites or payment systems such as PayPal or an instant messaging chat with a customer support staff member. Phishing communications may request personal information that will be used by a criminal directly, or they can deliver malware onto a computer. One example of a widely used phishing malware is CryptoLlocker, a program controlled remotely by a scammer that denies users access to their files until a ransom is paid.
The vast majority of reputable retailers, payment processors and social media sites never ask for banking information or vital personal data such as a social security number, so be wary of any request of this kind of information as it is likely to be part of a phishing scam. Phishing has only recently become an epidemic with the advent of the digital age, but phishing techniques have been documented since the infancy of the Internet, as early as 1987.