Oliver Page
Case study
May 25, 2024
Although phishing scams seem like a product of the digital age and increased online presence, they are, in fact, almost as old as the internet. If you want to find out when did phishing first appeared, how it got its name, and other intricate details, stay tuned. We're about to go all the way back to the 90s and reveal all.
The term phishing was coined in January 1995, when the AOHell software, designed with an automated mechanism for stealing passwords and credit card details, was created. This enabled mass targeting of America Online (AOL—the biggest provider of internet access at the time) users and the theft of their data. Although the practice of scamming users and stealing passwords was probably present from the early days of the internet in the 1980s, with AOHell, a new era started.
It is believed that AOHell was created by a teenager known under the pseudonym Da Chronic. AOHell was the first phishing system publicly available, and it inspired the creation of numerous similar systems in the following years. By the end of the 20th century, everyone from amateurs to professional scammers was able to use them, and the problem impacted not just AOL but other networks, affecting individuals, organizations, and governments, it became a global problem.
The group of hackers had a huge success rate mostly due to the fact that most AOL users were completely new to being online and that AOL itself barely gave any warnings about stealing passwords for most of 1995. So, potential victims weren't aware of the danger of scams. Here's how it worked in 5 steps:
The two final steps are repeated until AOL security staff detects and deletes the hacker's account, which usually happens in no more than 5 minutes. The thing is, some of AOL employees were usually present in those chat rooms, so they would also get the bait message and immediately start working on removing that account.
What AOHell did was that it automated pretty much every step of the process, allowing hackers and anyone else to choose whether they want to proceed with one of already prepared bait messages or compose their own and send it to all members in the room.They could also adjust the number of "phishes" (targets) and opt whether they are fishing for passwords or credit card details, and the message would be adjusted accordingly. It was designed so straightforward that it could be used by anyone, containing even the help button, in case any clarification about phishing is needed.Since the time they had for an attack was very limited, this automation software allowed phishers to message members of dozens of chat rooms in a matter of only a few seconds, increasing their success rates significantly. The risk of being actually caught was minimal, and due to weaknesses in AOL's system, success was almost always guaranteed.
The term phishing comes from the word fishing, which was used to name early-day scams. When AOHell was created, both fishing and the variation with "ph" phishing were used. The reason for introducing the "ph" version could be related to the fact that early underground hackers were known as phreaks, although phreaking referred to experimenting and exploring telecommunications systems.
The evolution and spread of software similar to AOHell were fast and impressive. Already in 1995, dozens of similar programs came out, offering additional functions and improvements. Interestingly, many of them were created by teenagers who gathered around loose underground communities.However, in the late 1990s, phishing crossed the borders of AOL, entering video games, instant messaging, and other internet services. Although it was never morally right, with the transition from AOL to the Internet in the early 2000s, phishing became recognized as a proper criminal activity and was used in many large-scale sophisticated scams.
In its essence, phishing hasn't changed much from the early days; it adapts to new services, trends, and modes of online operating, and it is still a fairly successful scamming method used globally. However, the stakes are much higher. Instead of gaining free internet time, hackers can now gain access to sensitive data.The rise of social media platforms is another important factor because it presents a vast source of information on individuals and big companies. By default, companies are present on at least two or three social media platforms, revealing basic information that hackers can use as a ground base to build their schemes.With phishing emails becoming the main mode of delivering ransomware, things went onto another level again. Hijacking a victim's data or deviceand asking money for their return became one of the most lucrative scams. Although individuals can also be targeted, nowadays, institutions such as hospitals, schools, and governments are the usual main targets.
These types of cyber scams will likely continue to evolve, improve, and adapt. The only way to prevent becoming a victim is to stay cautious, avoid clicking on untrusted links, pay attention to spelling mistakes in emails, and resist any pressure to urgently verify identity, change a password, or send any personal information. Additionally, reporting each case is a valuable contribution to the further enhancement of security systems.Browse our blog section for more articles on cybersecurity and Cybernut.
https://www.phishing.org/history-of-phishing
https://arxiv.org/pdf/1106.4692
https://cofense.com/knowledge-center/history-of-phishing/
https://www.verizon.com/business/resources/articles/s/the-history-of-phishing/
https://www.graphus.ai/blog/history-of-phishing/
Oliver Page
On the same topic
Back
