Communications from popular social websites, online payment processors, or IT administrators are commonly used to lure in the unsuspecting public. The web address for the phishing site may closely resemble the authentic website. It may even contain the address of the authentic website, but also includes code to reroute the traffic to a false website.