The History and Evolution of Phishing Attacks

Retrieved from: https://consoltech.com/wp-content/uploads/2018/12/How-to-stop-Phishing-emails.jpg

TL;DR: Phishing attacks have been around since the mid-90s and due to their success rate, they have evolved to become one of the most used forms of malicious attacks.

Phishing attacks are a popular form of attack that have been around since the mid-1990s. “Phishing is an attempt to deceive the victim to gain access to confidential and private information and/or distribute infected files” (Gershwin, 2019). The term “Phishing” was first used in an AOL user group called AOHell (KnowBe4, n.d.). “Some of the earliest hackers were known as phreaks. Phreaking refers to the exploration, experimenting and study of telecommunication systems” (KnowBe4, n,d,). The spelling of the term “Phishing”, which replaces the “f” with “ph” was done in order to link this type of attack to phreaks.

AOHell Interface. Retrieved from: https://www.semanticscholar.org/topic/AOHell/3132882

Some of the earliest phishing attacks were performed on AOL users in the mid-1990s. AOL was one of the largest providers of internet service during the mid-1990s, which made it a target for hackers. It wasn’t long until a suite of hacker tools specifically designed to perform phishing attacks on AOL users was created. This toolset was aptly named AOLHell and was created by a seventeen-year-old who went by the name “Da Chronic” (Velzian, 2019).

AOHell Phishing tool. Retrieved from: https://www.semanticscholar.org/topic/AOHell/3132882

The phishing attacks that were carried out in the 1990s were done via instant messenger or through email. The hackers would use AOL’s instant messenger and AOL email accounts to impersonate AOL employees and contact targets in order to get them to give out their personal information, such as their credit card information or account login (Moramacro, n.d.). But as time went on, hackers developed more advanced forms of phishing that integrated malicious links to external websites.

In the early 2000s, hackers began to register domain names to impersonate businesses (Moramacro, n.d.). These websites were used to impersonate legitimate websites with the intent of stealing the victim’s login information. For example, a hacker may register the domain name amazon-billing.com to target amazon shoppers. This approach only helped to legitimize the phishing emails in the eyes of their intended targets.

These impersonation websites are often referred to as cloned websites, as hackers can easily clone a website with free opensource tools. A quarterly report that was conducted by the Anti Phishing Working Group from October 2018 to March 2019, found that phishing websites have increased from fifty-eight thousand to sixty-one thousand (Gershwin, 2019).

The typical phishing email will usually imitate a bank or credit card company. The email will inform the target that the company believes that their account has been compromised (Moramacro, n.d.). The email will include a link that will direct the target to a fraudulent website that will look like the home page of the business entity that they are impersonating. If the target enters their credentials, then the hacker has successfully deceived the target into disclosing their sensitive data.

Office 365 Phishing email. Retreived from:https://www.newcmi.com/blog/tips-for-detecting-a-phishing-email

Email phishing attacks have also evolved to become highly sophisticated attacks. The two newest forms of phishing attacks are spear phishing and whaling. Whereas a simple phishing attack will target many victims, spear phishing focuses on a specific target and whaling focus on a high-level target. In a spear phishing attack, research is conducted on the target in order to tailor the phishing attack to that specific target (Swinhoe, 2019). A whaling attack is when an attacker tries to compromise a high-level target, such as the president of a company. This type of attack requires the hacker to think beyond the traditional phishing attack methods, because high-level targets like company executives have usually received extensive training on traditional phishing attacks (Rapid7, n.d).

The phishing attack has also evolved to incorporate phone calls and text messages. Vishing involves the attacker calling the target and posing as an employee of the target’s bank or credit card company (Drolet, 2019). The hacker can easily manipulate caller ID to impersonate a company, only furthering the trust of the target that the hacker is a legitimate employee of the company (Moramacro, n.d.). The hacker will use the pretext that they believe that the targets account has been compromised and they need the account holder to verify information about the account. This usually involves the hacker asking the target to verify username, password, and account number.

A Smishing attack is a phishing attack that is done through SMS text messaging. The attacker sends a message to the target with a malicious link hoping the target will click on the link (Drolet, 2019). The message will contain a call to action to entice the victim to click on the malicious link that will either download virus or try to steal the victims account credentials.

Smishing Messages. Retrieved from:https://www.digitaltrends.com/computing/smishing-threat-targets-phones-by-text-message/

Some of the statistics on phishing shows just how successful these attacks are and how lucrative they can be. According to a 2019 study, “[p]hishing attempts have grown 65% in the last year” and “account for 90% of data breaches”, which resulted in a loss of twelve billion dollars to businesses (Retruster, 2020). With the payoff of a successful phishing attack being so lucrative, this type of attack will be around for a while if strong security measures are not developed to thwart these types of attacks.

Even though phishing has been around for more than twenty years, its popularity doesn’t seem to be waning. With the cost of entry being only internet access and time, this type of attack will be around for a while. It will be up to cyber security professionals to come up with new ways to prevent these types of attacks from being successful and protect companies and individuals.

 To watch a demonstration of phishing attacks, watch the videos below.

Phishing attack demonstration. Retrieved from: https://www.youtube.com/watch?v=lc7scxvKQOo 

Phishing attack demonstration. Retrieved from:https://www.youtube.com/watch?v=PWVN3Rq4gzw

Sources

Drolet, M. (2019, August 9). Smishing and vishing: How these cyber attacks work and how to

prevent them. Retrieved April 29, 2020, from https://www.csoonline.com/article

/3411439/smishing-and-vishing-how-these-cyber-attacks-work-and-how-to-prevent-them.html

Gershwin, A. (2019, July 31). The evolution of phishing attacks: why are they still effective?

Retrieved April 29, 2020, from https://hackernoon.com/the-evolution-of-phishing-attacks-why-are-they-still-effective-44bdb8f458c2

KnowBe4. (n.d.). History of Phishing. Retrieved April 29, 2020, from

https://www.phishing.org/history-of-phishing  

Moramacro, S. (n.d.). Phishing Definition and History. Retrieved April 29, 2020, from

https://resources.infosecinstitute.com/category/enterprise/phishing/phishing-definition-and-history/

Rapid7. (n.d.). Whaling Phishing Attacks Explained: What Is Whaling? Retrieved April 29,

2020, from https://www.rapid7.com/fundamentals/whaling-phishing-attacks/

Retruster. (2020). Retruster. Retrieved April 29, 2020, from https://retruster.com/blog/2019-

phishing-and-email-fraud-statistics.html

Swinhoe, D. (2019, January 21). What is spear phishing? Why targeted email attacks are so

difficult to stop. Retrieved April 29, 2020, from https://www.csoonline.com/article/3334617/what-is-spear-phishing-why-targeted-email-attacks-are-so-difficult-to-stop.html

Velzian, B. (2019, August 28). AOHell - Hacking Horror Stories - Vol.1. Retrieved April 29,

2020, from https://www.quadrotech-it.com/blog/hacking-horror-stories-vol-1-aohell/