Contact us
EN  /PT
History of Phishing

History of Phishing

The Phishing Story

Do you know the history of phishing? Although many already know what it is and how it works, not everyone knows how this scam was born. The term was coined to refer to scams that seek to “hook” personal information and data. Precisely for this reason it is a neologism created as a fishing homophone. But how did the practice begin? How did the techniques of this scam begin to be applied? Find out more in this article on the history of phishing.

The history of Phishing

Applied to the digital medium, the term phishing is relatively. That is, it was created around 1996, by crackers who stole America Online (AOL) accounts. Scammers cheated users' passwords, using currently common methods for doing so, such as sending messages and emails with fake links. But the first public mention of the term was on January 28 of the same year, in the blackhat group alt.2600. It was made by user mk590, who said: "What happens is that in the past, you could make a fake AOL account, once you had a credit card generator. However, AOL was smart. Now, after entering the card details, it is done check with your bank. Does anyone else know of another way to acquire an account other than through Phishing? " In the following year, the term came to be quoted in the media, as well as phishs - hacked accounts used as currencies.

The Phishing story: how the scam started

But how did the history of phishing really begin? In short, in the early 1990s, the only option for accessing the internet was dial-up. Thus, a fee was bought that, for the time, exceeded the budget of many people. Thus, as an alternative, AOL offered a free, 30-day trial using a floppy disk. However, some users, in order not to be disconnected, changed their screen names to look like those of AOL administrators. Thus, using the false names, scammers 'hooked' login credentials to continue with free access. And how did they do that?

Phishing and AOL

To gain new access, scammers stole other users' passwords, in addition to using algorithms to generate random credit card numbers. Despite the few hits, the practice managed to generate a few correct numbers. In this way, the generated cards were used to open new accounts with AOL. With the new accounts, scammers send spam messages to other users, gaining new access and other types of information. The process was done through an instant messaging system, posing as AOL employees. To this end, the messages asked users to verify their accounts, or confirm information and payment methods.

Evolution of Phishing

With practices against AOL being reduced with the implementation of security systems, the phisher was looking for new victims. To do this, most of them bought domains from dozens of websites, similar to payment platforms such as eBay and PayPal. Thus, with unsuspecting users, scammers used e-mail worm programs to send fake e-mails. Taken to fake websites, customers were tricked into updating credit card details and other information.

The history of Phishing: the main attacks

Despite having state-of-the-art digital security, many large companies have already been targeted by phishing attacks. Google, Facebook, Microsoft and many other companies have been harmed by the criminal practice.

Phishing attack on Twitter

One example is that it happened in 2010, when Twitter was the target of sabotage, reaching several users with tempting messages. Thus, accompanied by suspicious links, the messages affected many users, who possibly had hijacked data. To avoid further damage, Twitter quickly reset the passwords of the affected users.

Operation phish phry

Another case in which phishing attacks were criminals posing as Bank of America and Wells Fargo, two of the largest banks in the United States. By sending messages with links to fake websites, the criminals, who acted in the United States and Egypt, went on to embezzle more than $ 2 million in almost three years. The FBI was called in to investigate the fraud, arresting 59 involved in the financial scams on the web.

Google and Facebook

Even the two tech giants have already been targeted by scammers who use phishing as a method of attack. That is, both were victims of Evaldas Rimasauska, a 48-year-old Lithuanian who passed himself off as Quanta Computer, a company that had Google and Facebook as customers. Thus, approximately £ 100 million was diverted by Evaldas, which was later recovered.

Free tools

Check a complete list of our free tools

Open