Friday, October 15, 2010

PHISHING

Definition:

In the field of computer security, phishing is the criminally fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors or IT administrators are commonly used to lure the unsuspecting public. Phishing is typically carried out by e-mail or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering techniques used to fool users, and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.

A phishing technique was described in detail in 1987, and the first recorded use of the term "phishing" was made in 1996. The term is a variant of fishing, probably influenced by phreaking, and alludes to baits used to "catch" financial information and passwords.

History:

The word “phishing” originally came from the analogy of early Internet criminals using email lures to “fish” for passwords and financial data from a large sea of unsuspecting Internet users. The use of the “ph” in this terminology has been forgotten about over time. It was most likely linked to hacker naming conventions such as “Phreaks”.

This can be traced back to early hackers who were involved in “phreaking” – the hacking of telephone systems. A phishing technique was described in detail in a paper and presentation delivered to the International HP Users Group, Interex. The first recorded mention of the term "phishing" is on the alt.online-service.america-online Usenet newsgroup on January 2, 1996, although the term may have appeared earlier in the print edition of the hacker magazine called “2600”.

In the early days of AOL you could create a fake account as long as you had a credit card generator. AOL smartened up to this technique; AOL now uses banks to verify every credit card submitted. By 1996, hacked accounts were called “phish”. By the time 1997 rolled around, phish were actively being traded between hackers as a form of currency. There are instances where phishers would routinely trade 10 working AOL phish for a piece of hacked software. This type of software was referred to as “warez”, which is stolen copyrighted applications and games.

The earliest media reference to phishing wasn’t made until March 1997. “The scam was called ‘phishing’ — as in fishing for your password, but spelled differently” said Tatiana Gau, vice president of integrity assurance for AOL.

In 1997 Ed Stansel, reporting for the Florida Times Union, said “Don’t get caught by online ‘phishers’ angling for account information”.

The capture of AOL account information may have led phishers to misuse credit card information, and to the realization that attacks against online payment systems were feasible. The first known direct attempt against a payment system affected E-gold in June 2001, which was followed up by a "post-9/11 id check" shortly after the September 11 attacks on the World Trade Center. Both were viewed at the time as failures, but can now be seen as early experiments towards more fruitful attacks against mainstream banks. By 2004, phishing was recognized as a fully industrialized part of the economy of crime: specializations emerged on a global scale that provided components for cash, which were assembled into finished attacks.

Over time, the definition of what constitutes a phishing attack has blurred and expanded. The term phishing does not just cover obtaining user account details; now phishing includes stealing all personal and financial data. In the early days phishing entailed tricking users into replying to emails with passwords and credit card details. As we know now, phishing has expanded into fake websites and the installation of Trojan horses such as key loggers and screen capturers. Then we have the “man in the middle” data proxies, which can be delivered through any electronic communication medium.

Conclusion:

Based on the research that has been made, the researchers can therefore say that the combination of phishers’ high success rate and negative global economies has resulted in escalating scams. Off-shoots of the classic phishing scam now include the use of fake job sites or job offers, fake online shops and even fake social networks. As the research teaches us, phishing could also be used in classic money laundering schemes. The phishing past still keeps coming into the present, hence people should be aware and careful.

The researchers recommend not sending personal or financial information in an email, as it is not a secure method of transmitting such sensitive items -- look for a secure website instead. Keeping antivirus software and firewalls turned on and updated, using passwords and changing them regularly, and never opening suspicious attachments could prevent people from becoming victims of this cyber crime.
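The definition above describes the core lure: a message that points the reader at a fake website dressed up to look like the legitimate one, and the recommendation is to check where a link really goes before trusting it. The following added example (my own code, not part of the original post or of any product it mentions) shows how a mail filter or a cautious reader could automate that check. It parses a constructed HTML e-mail body and flags three classic warning signs: a link whose visible text shows one domain while its href points somewhere else, a link that leads to a bare IP address, and a host that embeds a trusted brand name in front of an unrelated registrable domain. The trusted-domain list and the sample message are assumptions constructed for the demonstration.

```python
"""Heuristic link checker for phishing e-mails (added example, not from the original post)."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: an HTML e-mail body with one honest link and two suspicious ones.
SAMPLE_EMAIL_HTML = """
<p>Dear customer, please confirm your account.</p>
<a href="https://www.example-bank.com/login">Log in</a>
<a href="http://198.51.100.7/login">https://www.example-bank.com/login</a>
<a href="https://www.example-bank.com.secure-verify.example/login">Verify now</a>
"""

# Constructed allow-list: the registrable domain(s) the brand actually owns (assumption).
TRUSTED_DOMAINS = {"example-bank.com"}


class LinkExtractor(HTMLParser):
    """Collect (href, visible text) pairs from every <a> tag in the body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:  # only collect text inside an open anchor
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Approximate the registrable domain as the last two labels.
    Assumption: no public-suffix list is available, so 'co.uk'-style suffixes are not handled."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def analyse_links(html):
    """Return a list of findings, one per suspicious link, each with the reasons it was flagged."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href).hostname or ""
        reasons = []
        # 1. Destination is a raw IPv4 address rather than a named host.
        if host and host.replace(".", "").isdigit():
            reasons.append("ip-address-host")
        # 2. The visible text is itself a URL, but its domain differs from the real destination.
        if "://" in text:
            text_host = urlparse(text).hostname or ""
            if registrable_domain(text_host) != registrable_domain(host):
                reasons.append("text-href-mismatch")
        # 3. A trusted brand name appears in the host, yet the registrable domain is not trusted.
        if host and registrable_domain(host) not in TRUSTED_DOMAINS:
            if any(brand.split(".")[0] in host for brand in TRUSTED_DOMAINS):
                reasons.append("lookalike-domain")
        if reasons:
            findings.append({"href": href, "text": text, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in analyse_links(SAMPLE_EMAIL_HTML):
        print(finding["href"], "->", ", ".join(finding["reasons"]))
```

Run against the constructed message, the honest first link passes, the second is flagged for both the IP-address destination and the text/href mismatch, and the third is flagged as a lookalike domain. These heuristics catch the crude lures the post describes; a production filter would add a real public-suffix list and reputation data, since the registrable-domain approximation here is deliberately simple.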

Through continued industry cooperation, government actions, and user awareness, we all can make a big difference in the battle against phishing. People can make sure that they don’t get hooked into these devastating scams by phishermen.