If you ask three people what phishing is, you’ll likely get three very different answers. To understand what phishing is, you have to look at the past. Discover how phishing evolved into the three types of phishing scams being carried out today.
If you write “What is phishing?” on a whiteboard during a meeting and ask the attendees to write their answers on a slip of paper, you might get answers like:
Except for the last response, all of these answers are correct albeit incomplete.
What Phishing Is
Phishing is a form of fraud in which a malicious actor (aka a hacker or cybercriminal):
Its roots have been traced back to the days when America Online (AOL) was popular. In 1995, a group of hackers came up with a scheme to steal money from AOL users. Posing as AOL employees, they sent messages to numerous users through the service’s email and instant messaging systems. The messages asked users to either verify their account details or confirm their billing information. “More often than not, people fell for the ruse,” according to phishing historians. “After all, nothing like it had ever been done before.”
In 1996, people began using the term “phishing” to describe this type of attack because the hackers tried to lure AOL users into taking the bait, much like fishing enthusiasts try to lure fish into eating the bait on their hooks. And the use of “ph” instead of “f” was no accident, according to phishing historians. Some of the earliest hackers were called phreaks, so this spelling linked the phishing scams with this underground community.
Changing with the Times
As time went by, people became more aware of phishing scams and didn’t take the bait as often. This prompted hackers to begin devising new ways to hook victims. They started using spoofed websites and pop-up windows to trick people into providing personal and financial information. Cybercriminals began targeting businesses, which required them to create more personalized phishing messages. And hackers started infecting victims’ devices with malware by attaching weaponized files to phishing emails. Cybercriminals even started calling potential victims. Auto dialers and other technologies make it an easy and inexpensive way for cybercriminals to send phishing phone messages to the masses.
Another change seen over the years concerns the phishing scam’s role. Originally, hackers used phishing scams for standalone attacks. For example, the hackers used a phishing email to get victims to divulge their bank account login credentials, which the hackers used to steal money from those accounts. While cybercriminals are still carrying out standalone phishing attacks nowadays, they are also using phishing scams as part of larger attacks. For instance, cybercriminals can use a phishing scam as part of a data breach. The hackers first use a phishing email to get company employees to reveal their credentials for an app, then use the compromised credentials to access it. By exploiting a vulnerability in the app, the hackers are able to infiltrate the company’s network and steal proprietary data.
The Types of Phishing
Due to the various adaptations that hackers have made, there are now three main types of phishing:
Don’t Be Scammed
Hackers have been phishing for more than 25 years, so they are very good at it. Thus, you need a solid defense against this threat. We can help you develop and implement a comprehensive plan to protect your business against phishing, spear phishing, and whaling attacks.