Phishing
Submission 9,529
Part of a series on Internet Slang. [View Related Entries]
Navigation |
About • Origin • Spread • Search Interest • External References |
About
Phishing is a neologism used to describe attempts to obtain sensitive information by masquerading as a reputable company or organization in electronic communications. Typically, phishing attempts are carried out through email and instant messaging services, which direct targets to fake websites that are designed to appear identical to official banks, social media platforms or other password-protected services.
Origin
In 1987, a presentation was delivered at the International HP Users Group, which described a phishing-style technique. The term "phishing" is believed to have been coined by hacker Khan C. Smith in the 1990s, but the first archived use of the term was found in the 1994 hacking tool AOHell,[1] which contained a function for stealing the passwords of America Online users.
Spread
In June 2001, the earliest phishing attempt against a payment system was directed toward the digital gold currency service E-Gold.[2] In 2003, the financial affairs publication The Banker reported on the earliest known phishing attempt against a retail bank in an article titled "Battle Against Identity Theft."[3] According to the American research and advisory firm Gartner, phishing attacks increased by 28% between May 2004 and May 2005, with an estimated 2.4 American victims and approximately $929 million in losses. In October 2007, The Washington Post[4] reported that nearly half of phishing thefts in 2006 were orchestrated by various operations maintained by the St. Petersburg-based Russian Business Network. That year, Gartner[6] reported that an estimated 2.6 million adults lost $3.2 billion due to phishing scams. On June 14th, 2008, the /r/phishing[5] subreddit was launched for discussions about the scamming practice. On August 21st, 2013, YouTuber Cyber51Security posted a video demonstrating how phishing attacks working by fishing a bag containing the words "user name" and "password" out of a small bucket filled with water labelled "Internet" (shown below).
On April 30th, 2014, YouTuber minutephysics uploaded a video about a sophisticated YouTube phishing attack (shown below, left). Within three years, the video gained over 1.46 million views and 2,700 comments. On October 14th, Trend Micro released a ad parodying phishing attacks titled "Phishing Scams – Don't Be That Guy" (shown below, right).
2017 Google Docs Spear-phishing Attack
In early May 2017, people began receiving fraudulent emails with fraudulent notifications that they had been shared on various Google Docs, along with a fake "Open in Docs" button. On May 3rd, Twitter user @zachlatta shared a GIF of himself viewing one of the emails, referring to the attack as "super sophisticated" (shown below).
zeynep</a> Just got this as well. Super sophisticated. <a href="https://t.co/l6c1ljSFIX">pic.twitter.com/l6c1ljSFIX</a></p>— Zach Latta (
zachlatta) May 3, 2017
That day, Redditor JakeSteam submitted a post explaining how the attack works to /r/google,[7][7] where it received upwards of 13,900 votes (94% upvoted) and 1,100 comments. Within the hour, Google disabled the spammer developer account used to orchestrate the attack. Shortly after, Redditor methreethatis submitted JakeSteam's post to /r/bestof[8] titled "u/JakeSteam posts info for phishing email impersonating Google Docs, scam gets stopped within 30 mins."
Search Interest
External References
[2] Financial Cryptography – Archives
[3] The Banker – Battle Against Identity Theft
[4] The Washington Post – Shadowy Russian Firm Seen as Conduit for Cybercrime
[5] Reddit – /r/phishing
[6] Garneter – Garner Survey Shows PHishing Attacks Escalated in 2007
[7] Reddit – New Google Phishing Attack
[8] Reddit – u/JakeSteam posts info
Share Pin
Related Entries 517 total
Recent Images 0 total
There are no recent images.
Recent Videos 0 total
There are no recent videos.