A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to "catch" financial information and passwords.
Phishing comes in two forms, ordinary phishing, where thousands upon thousands of emails are sent out to random individuals in hopes that even a small percentage will fall for the scam and give up their personal information, and spear phishing, which is a targeted attack usually aimed at large companies and corporations with the goal of obtaining confidential company data rather than just personal information.
Phishing attacks are on the rise, and two of the most commonly used companies in such attacks, Paypal and eBay, have teamed up with GMail in an effort to protect their customers. They now use a technology called Domain Keys. eBay and Paypal now digitally sign every email they send, and GMail automatically rejects any unsigned messages.
Unfortunately most ISPs are not using this technology yet, but it's easy to protect yourself. First, keep in mind that no companies will ask you for your password or any other personal info via email. If there is a problem with your account, you'll be notified via phone or snail mail. Second, legitimate emails from companies you do business with will always address you via your name or user name, not “Dear User” and their grammar will more than likely be correct. Finally, always let your mouse pointer hover over a link before clicking it, and check out what it says in the info bar at the bottom. If it's a bogus link you'll see so right away!
Select content modules
Anti-Phishing Blog
Anti-Phishing Blog. Monday, April 27, 2009. Possible Pandemic brings out Phishers ... This Blog serves as a repository for examples of phishing scams to help ...www.bankersonline.com/phishing/McAfee SiteAdvisor Blog: phishing Archives
Many of the readers of this blog are pretty savvy when it comes to security issues. ... MailFrontier published the first phishing quiz back in 2004. ...blog.siteadvisor.com/phishing/phishing | The Blog Herald
... and Sources to Help You Blog. Blog Resources: Researching the Research, Finding the ... phishing, scammers, scams, spam blogs, splog, sploggers, Splogs ...www.blogherald.com/tag/phishing/Official Google Blog: How to avoid getting hooked
... a phishing attack. ... are things you can do to steer clear of phishing attacks: ... Search Engine Watch Blog. Slashdot - Google. Techdirt. The Launch Pad ...googleblog.blogspot.com/2008/04/how-to-avoid-getting-hooked....Official Gmail Blog: Fighting phishing with eBay and PayPal
Phishing messages are a form of spam that attempt to deceive recipients to gain ... It's a bold move, but one that will really help fight phishing. ...gmailblog.blogspot.com/2008/07/fighting-phishing-with-ebay-a...
A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to "catch" financial information and passwords.
History and current status of phishing
A phishing technique was described in detail in 1987, in a paper and presentation delivered to the International HP Users Group, Interex. The first recorded mention of the term "phishing" is on the alt.online-service.America-online Usenet newsgroup on January 2, 1996, although the term may have appeared earlier in the print edition of the hacker magazine 2600.
Early phishing on AOL
Phishing on AOL was closely associated with the warez community that exchanged pirated software and the hacking scene that indulged in credit card fraud and other online crimes. After AOL brought in measures in late 1995 to prevent using fake, algorithmically generated credit card numbers to open accounts, AOL crackers resorted to phishing for legitimate accounts and exploiting AOL.
A phisher might pose as an AOL staff member and send an instant message to a potential victim, asking him to reveal his password. In order to lure the victim into giving up sensitive information the message might include imperatives like "verify your account" or "confirm billing information". Once the victim had revealed the password, the attacker could access and use the victim's account for fraudulent purposes or spamming. Both phishing and warezing on AOL generally required custom-written programs, such as AOHell. Phishing became so prevalent on AOL that they added a line on all instant messages stating: "no one working at AOL will ask for your password or billing information".
After 1997, AOL's policy enforcement with respect to phishing and warez became stricter and forced pirated software off AOL servers. AOL simultaneously developed a system to promptly deactivate accounts involved in phishing, often before the victims could respond. The shutting down of the warez scene on AOL caused most phishers to leave the service, and many phishers—often young teens—grew out of the habit.'''
Transition from AOL to financial institutions
The capture of AOL account information may have led phishers to misuse credit card information, and to the realization that attacks against online payment systems were feasible. The first known direct attempt against a payment system affected E-gold in June 2001, which was followed up by a "post-9/11 id check" shortly after the September 11 attacks on the World Trade Center. Both were viewed at the time as failures, but can now be seen as early experiments towards more fruitful attacks against mainstream banks. By 2004, phishing was recognized as a fully industrialized part of the economy of crime: specializations emerged on a global scale that provided components for cash, which were assembled into finished attacks.
