puddle phishing
pp. Phishing that is targeted at a small company.
Other Forms
Scary statistics about Internet security were the subject of another speaker, David Culbertson, vice president, research and development, for Computer Services Inc. in Paducah, Ky.

There is a new phishing technique called "puddle" phishing being employed against community banks, which are the "puddle" since they are a smaller target that has been off the phishers' radar screen until now, he explained. While large banks have done a good job of educating their customers against phishing attacks, community and regional banks have not done so well.
—Bill Poquette, “Nebraska Independent Community Bankers,” Bank News, December 01, 2005
Traditional phishing is when spammers send users official-looking e-mail messages to request such data as social-security numbers or passcodes, and threaten to deactivate, block or restrict users' accounts if they do not update their personal information. Until now, the practice has largely been directed at customers of large, multinational banks. But according to Websense Security Labs, which reports on Internet security threats, the number of small credit unions targeted by puddle-phishing scams have tallied more than 30 since the beginning of the year. At least one of the community banks targeted has only 11 branches, while another puddle-phishing attack targeted a credit union that serves employees and staff of the White House.
—“Phishing Flows Downstream,” VAR Business, August 08, 2005
2005 (earliest)
Websense, Inc. (NASDAQ: WBSN), the world’s leading provider of employee internet management solutions, today announced that phishing scams are increasingly being directed at smaller, more targeted groups, including local banks and credit unions. Websense Security Labs coined the term "puddle phishing" to describe the phenomenon of targeting customers of small financial institutions.
—“Puddle Phishing: Small, Local Institutions Now Targeted by Online Fraud,” Websense Press Release, June 13, 2005