Enough with the statistics – where did phishing come from? How did it turn into a cybercrime responsible for millions of dollars in lost productivity and money each year?
In 1997, Tatiana Gau, then vice president of integrity assurance for AOL, was dealing with an issue of hackers, sometimes referring to themselves as “phreaks,” creating fake AOL accounts and selling them to other hackers. It is believed Tatiana coined the term “phishing” when interviewing for an article with the Florida Times-Union in March 1997. In the article, as reported by Ed Stansel, Ms. Gau said, “The scam was called ‘phishing’ — as in fishing for your password, but spelled differently.” Hackers would impersonate AOL staff and ask users for account information and, trusting as we humans are, they succeeded more often than not in getting the information they sought.
Shortly thereafter, AOL instituted measures to crack down on the number of “phish” accounts and the ease of setting them up. After the hackers were turned away from AOL, they quickly realized they could use the same technique against financial institutions.
According to Wikipedia, one of the first phishing attacks on a financial system targeted E-gold in June of 2001. As time marched on, hackers became very successful at emulating the look and feel of legitimate emails, so that their messages appeared to originate from a specific institution. In the early phishing time frame (2001-2003), most emails were sent blindly to large email lists. This was referred to as “whale phishing”: you send out a bunch of emails in a huge net and hope to catch a few small phish. With today’s sophisticated technology and the ability for people to look up previously private information, phishers now target select groups of people. For example, when targeting a bank, it doesn’t make sense for a phisher to send emails to people who don’t have accounts with that institution. They now perform “spear phishing,” targeting emails to only those people who do have accounts at the targeted bank. Today, most phishing scams still target banking institutions, but social networks and other premium paid sites are targeted as well. With a little bit of technology and common sense, it’s relatively easy to avoid getting trapped by the phishers.
The following sources were used to write this article: