Phishing is now a word that is commonly used in every other cyber-attack these days. But, this word hasn’t been around forever. It was initially originated around 1995 when the first phishing scam took place. The word became common in the last ten years because of the increase in the number of phishing scams. To avoid becoming a victim of such a scam, we have to learn the basics of phishing like what is phishing? What is the history of phishing? So, let us discuss the origin of phishing.
If you are new to phishing then it is better to start from the very beginning. Before going into the depth of phishing we first have to understand, what is phishing? We have to learn about the origin of phishing and for that, we have to go through the history of phishing. Learning about the first phishing scam and its evolution will help us to understand, how it all started?
What Is Phishing?
Phishing can be understood as an attempt by the scammers, hackers, cybercriminals, and adversaries, in which they lure the computer as well as internet users into promulgating their personal and sensitive information, like bank details, card details, social security number, username, passwords, birth date, etc., through a maliciously framed email or a message.
In simple words, in the phishing attacks, hackers disguise or pretend themselves as legitimate or authorized people from a well- known entity or institution. They send a phishing email that looks like a legitimate one and asks the user to click on a phishing link. The link directs the victim to a malicious phishing website that demands personal information of the user. Upon entering the information, it is sent to the hackers and all the sensitive information is compromised.
History Of Phishing
Origin Of The Word “Phishing”
It is believed by several people that the “Phishing” word is an influenced form of the word “Fishing”. If we compare both words then we can say that phishing is a technique in which the cybercriminals “fish” for sensitive information in the “sea” of users. We can also say that in a phishing scam, hackers bait the users just like in fishing, we bait the fishes.
Generally, hackers use the alphabets “ph” in place of “f” and this the reason that the initial hackers were known as phreaks. Phreaking is the word that is used to explain the technique of hacking the telecommunication systems. The use of “ph” in phishing is a way to connect the underground communities of hackers to the phishing scams.
The First-Ever Phishing Attack
The concept of phishing came into existence in the early 1990s through American Online (AOL). At that time, a group of hackers came together and created a community called the warez community. They were considered as the first “phishers”.
The First Phishing Algorithm
The warez community was successful in making an algorithm that used to generate random credit card numbers. They used to make phony AOL accounts and try to make use of those random credit card numbers. If any card number used to hit a match with the real card number, they were able to successfully create an AOL account. Then, they used to use the account to scam other users of the AOL community.
The First Phishing Impersonation Attack
By the year 1995, AOL was able to put an end to the credit card scam. But, by that time, warez group switched to a new type of attack i.e. impersonation attack. In this new method, the group made use of AOL messenger in which they used to create spoof emails, impersonating themselves as AOL employees, and send them to AOL customers. The problem became so severe that the word “Phishing” was first used on January 2, 1996, in a Usenet group, giving a reference to AOL scam. As a remedy to the scam, AOL finally sent emails to its customers to be aware of potential phishing abuse and not to share any personal information via messenger or email.
Evolution Of Phishing- A Switch To Phishing Emails
With time, as people were becoming more aware of messenger scams, phishers switched to a new scam using the phishing emails.
- The first phishing attack on an eCommerce platform was reported in June 2001, in the form of E-Gold Website. Although, that was an unsuccessful attempt.
- By September 2003, the phishers started creating phony websites that looked similar to popular sites like yahoo and eBay. Then, they used to send authentic-looking spoof emails to the users, directing them to the malicious phony websites.
- In October 2004, a Paypal phishing attack happened in which the Paypal users were affected by Mimail virus. In this, on clicking on a link present in the phishing email, purporting to be from PayPal, the users were directed to a popup window in which they were asked to enter the user name and password. Upon entering the details, all the information was immediately sent to the adversaries.
Today, the variety of phishing attacks has become varied, just like the fishes in the sea. Phishing attacks are becoming more and more sophisticated which calls for the need for us to understand the meaning of phishing and learning about the history of phishing.