Phishing

(FISHing)

Phishing is an attempt to use social engineering and/or technical subterfuge to steal either personal identity or financial account details from a consumer in order to use that information to steal the consumer's identity and/or money. These attacks are broad-based in nature. Sometimes the data is just collected to be sold to others for exploitation.

The word derives from a "fishing expedition" that generally means methods of obtaining information. The "Ph" is a common replacement for "F" by hackers. This is in homage to the original hacking form: phreaking, a term coined by John Draper (aka "Captain Crunch") who brought hacking to light with the Blue Box, a device he used to hack into the telephone system in the early 1970 timeframe. Use of the Blue Box was known as "Phone Phreaking."

Phishing as a term, started around 1996 and was used to describe hackers who were scamming AOL account information from AOL users. The term appeared in January 1996 in the alt.2600 newsgroup but was probably used earlier elsewhere. By 1997 "phish" were traded as currency (e.g., trade X working AOL phish for Y hacking software code). The alt.2600 message was...

It used to be that you could make a fake account on AOL so long as you had a credit card generator. However, AOL became smart. Now they verify every card with a bank after it is typed in. Does anyone know of a way to get an account other than phishing? -- mk590, "AOL for free?," alt.2600, January 28, 1996

Since then, phishing has taken on a far broader application and targets include all users of online banking, credit card users, services like PayPal and eBay, and many other groups and organizations where having user information would be of use to hackers and, more seriously, criminals. Indeed, the term "crimeware" is now sometimes applied to more sophisticated phishing schemes which may include Trojans implanting keyboard loggers onto user systems. The APWG defines crimeware as technology different from adware, spyware and malware by the fact that it is, by design, "developed for the single purpose of animating a financial or business crime."