Phishing has had a short but highly eventful history as compared to the other cybercrimes as it only started about 8 years ago but has already caused as much if not more damge than any of the other cybercrimes.

The word “phishing” originated in the 1996 timeframe. The term was coined based on the analogy that fraudsters used email as a fishing hook to “phish” usernames, passwords and other sensitive information from the “sea” of internet users. The use of the letters “ph” is believed to have been derived from the word “phreaking”, which is the earliest form of hacking – the hacking of telephone lines. “Phishing” first surfaced around 1996, when criminals stole American Online (AOL) accounts by “phishing” the passwords from AOL users. Although this may not necessarily have been the first ever instance of phishing, it is the first well-known one and people first became aware of the dangers of the phishing hook.

Soon such hacked accounts were called “phish”. By 1997, “phish” was traded and shared between cyber crooks as a form of currency. Often, these criminals used “phish” to obtain a particular hacking tool or a favor from fellow hackers.

First media appearance of the term "phishing"

The word “phishing” appeared in the media for the first time in March 1997:

“The scam is called 'phishing' — as in fishing for your password, but spelled differently — said Tatiana Gau, vice president of integrity assurance for the online service.“ - Ed Stansel, "Don't get caught by online 'phishers' angling for account information," Florida Times-Union, 16 th March, 1997

Since then, the techniques of phishing has evolved and expanded. While the original phishers usually obtained their data by sending fake emails, today various other techniques are used such as: fake “phish” websites and Trojan horses.

Back to Jump

Phishing timeline : Before 2003

Before 2003, most phishers employed emails as their main medium of fraud. They used text-based emails to trick their recipients into divulging their personal information to the phishers. These emails contained many spelling and grammatical mistakes, that tipped some cautious users off.

Back to Jump

Phishing timeline : September/October 2003

Cyber crooks register many domain names that tend to mimic the well-known websites such as ebay-fullfillment.com and yahoo-billing .com. The idea here is to trick the victim into believing that he is accessing a safe and trustworthy site that he/she is familiar with.

Phishers were also becoming better at writing, as their messages start to become error-free and hard to detect as forgeries. The phishers also spice up their emails by using the appropriate corporate colors and stolen logos of the company they are trying to imitate. This makes their email look more ‘official’.

Back to Jump

Phishing timeline : December 2003

Phishers start employing a new technique which involves the legitimate website opening in the background, but a fake log-in page appearing in the front as pop-up window. Please see the screenshot here. Since, the pop-window does not have a address bar (the box which displays the URL of the current page), victims are fooled into thinking that the pop-up window and the legitimate site appear to be from the same source.

According to Anti-Phishing Working Group, reports of email fraud and phishing attacks surge more than 400 percent over the holiday season.

Back to Jump

Phishing timeline : February 2004

Another significant fraud technique unearthed. Many phishing sites started verifying the information submitted by the user with the real site to validate the information. If the information entered by the victim is found to be false, the phishing site asks the user to submit the correct information. This is a significant breakthrough, as now, the data collected by the phishers have already been validated, and are ready to be used.

Back to Jump

Phishing timeline : June 2004

Research company Gartner Inc. reports that phishing attacks cost the businesses and consumers about $2.4 billion in 2003.

Back to Jump

Phishing timeline : October 2004

Websites of legitimate-looking fake banks and loan firms are detected. Crooks use these websites to steal credit card numbers and passwords.

Back to Jump

Reference

The Phishing Guide - Part 2
http://www.technicalinfo.net/papers/Phishing2.html/

A Brief History of Phishing
http://www.bizreport.com/news/8384/

A Brief History of Phishing
http://www.washingtonpost.com/wp-dyn/articles/A59350-2004Nov18.html