What is phishing?
Phishing is a type of social engineering in which a person pretends to be a legitimate entity that he is not and, in this way, tries to steal information for criminal activities (Kataria Anirudh, 2016, Kindle Locations 150-154). Nowadays, phishing generally refers to different techniques used by so-called information thieves to steal personal information such as usernames, passwords, and credit card details from internet users in many different ways, often for malicious reasons. To achieve this, internet scammers disguise their tools as a trustworthy entity.
Phishing is one of the easiest forms of cyberattack to carry out. Most attacks are carried out through emails and messages that direct users to enter personal information at a fake website that looks like the real one; only the URL is different. Phishing emails and websites usually appear to come from a well-known organization and ask for your personal information. Once you are deceived into giving out your sensitive information, you will never know what kind of danger you are in until it is too late. It can result in identity theft and, even worse, financial loss.
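Because only the URL differs, a mail filter can compare each link's host against the domains a brand actually owns. The following is an added example, not part of the original article: it flags links whose host contains a brand name but is not that brand's domain, using yahoo-billing.com and ebay-fulfillment.com, the lookalike domains this page cites from 2003. The brand list, the sample message and the "last two labels" rule for the registered domain are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumed allow-list: brand keyword -> domain the brand really owns.
BRANDS = {"yahoo": "yahoo.com", "ebay": "ebay.com", "paypal": "paypal.com"}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)


def registrable(host):
    """Naive registered domain: the last two labels. Assumption: no
    multi-label suffixes (co.uk); use a Public Suffix List in production."""
    return ".".join(host.rstrip(".").lower().split(".")[-2:])


def classify_link(url):
    """Return (verdict, brand); verdict is legitimate, lookalike or unrelated."""
    if "://" not in url:
        url = "//" + url  # let urlsplit find the host in scheme-less links
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return ("unrelated", None)
    for brand, real in BRANDS.items():
        if registrable(host) == real:
            return ("legitimate", brand)  # includes subdomains of the brand
    # Split on dots and hyphens so "yahoo-billing" yields the token "yahoo".
    tokens = set(host.replace("-", ".").split("."))
    for brand in BRANDS:
        if brand in tokens:
            return ("lookalike", brand)
    return ("unrelated", None)


def scan_message(body):
    """Return [(url, brand)] for each link that imitates a known brand."""
    results = [(url, classify_link(url)) for url in URL_RE.findall(body)]
    return [(url, brand) for url, (verdict, brand) in results
            if verdict == "lookalike"]


# Constructed sample message; the two lookalike domains are the page's own.
SAMPLE_EMAIL = """\
Dear customer, your account is on hold.
Confirm your billing details: http://yahoo-billing.com/confirm
Track your order: http://ebay-fulfillment.com/track?id=1
Help pages: https://help.yahoo.com/
"""

if __name__ == "__main__":
    for url, brand in scan_message(SAMPLE_EMAIL):
        print(f"lookalike of {brand}: {url}")
```
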
Origins of the term “phishing”
Phishing is a very interesting word. I looked it up in the dictionary to find out its origin. It is the respelling of “fishing”, on the pattern of “phreaking”. At first I could not understand why “fishing” is involved in the word “phishing”. Then I realized that the concept is that internet scammers use their tools to “fish for” personal information. By analogy with the sport of angling, these Internet scammers were using e-mail lures, setting out hooks to "fish" for passwords and financial data from the "sea" of Internet users. Hackers commonly replace the letter f with ph, a nod to the original form of hacking known as phone phreaking (Russell Kay, 2004).
The history and evolution of phishing
i. Early AOL phishing
The concept of phishing can be traced back to the early 1990s via America Online, or AOL. A group of hackers and pirates that banded together and called themselves the warez community are considered the first “phishers.” In an early scam, they created an algorithm that allowed them to generate random credit card numbers, which they would then attempt to use to make phony AOL accounts. When they hit a match to a real card, they were able to create an account and spam others in AOL’s community, only needing a few to take the bait.
By 1995, AOL was able to stop the random credit card generators, but the warez group moved on to other methods, specifically pretending to be AOL employees and messaging people via AOL Messenger for their information. This quickly became such a problem that on January 2, 1996, the word “phishing” was first posted in a Usenet group dedicated to America Online. AOL eventually included warnings on all its email and messaging software to alert users of potential phishing abuse.
ii. A switch to Email
As people became more savvy about messenger scams, phishers switched to email communications, which were easy to create, cheap to send out, and made it nearly impossible for them to get caught. And while most of these phishing messages were poorly constructed and full of grammatical errors at first, they quickly began to get more sophisticated.
In September 2003, phishers began registering domains that were similar to those of popular companies, such as yahoo-billing.com and ebay-fulfillment.com. Then they launched an assault with new, more legitimate-looking emails, directing recipients to websites using these types of addresses to fool people into thinking they were real.
In October 2003, PayPal users were hit by the Mimail virus; when they clicked on a link contained in a phishing email, a popup window purporting to be from PayPal opened and instructed them to enter their username and password, which were immediately sent to the hackers.
In 2004, potential voters for presidential candidate John Kerry received an official-looking email, encouraging them to donate via an included link; it turned out to be a scam operating in both India and Texas that had no connection to the Kerry campaign.
Today, methods of phishing are as varied as, well, fish in the sea; fraudsters continue to come up with new ways to gain trust, avoid detection, and wreak havoc. One of many disturbing trends is the use of information gleaned through social media to make the communications as personal as possible, sometimes referred to as “spear-phishing” or “social engineering fraud.”
These types of ploys sometimes involve the long, slow con, perhaps drawing someone in with conversation on Facebook and eventually asking for money or passwords. Or they can use the information they learn publicly about the victim in order to be more convincing with their scam.
“Think about what people express publicly now vs. 15 years ago. It used to be very difficult to find information on people outside of their house,” Peter Cassady of the Anti-Phishing Working Group (APWG) was quoted as saying. “Now, people put so much information online and the bad guys can create semi-custom approaches and create these fantastically precise narratives.” (Phishing Definition and History, n.d.)