Every type of crime in the world has a history. They all had to begin somewhere and sometime, whether it was a thousand years ago or a decade ago. Phishing, like every other crime, has a beginning. Since modern day internet has only been around for a decade or so, internet-related spam crimes are newer to the world. Being as new as they are, the first “sighting” of phishing is well recorded and remembered.
The First Appearance of “Phishers”
In the late 1990’s, America Online (AOL) released their first internet program. Many people rushed to purchase the internet software, but some of these people decided they didn’t want to do it legally. Some people signed up for AOL using fake credit card information. This didn’t last long, as AOL created additional software to prevent this from happening. However, the criminals did not stop after that, and they thought up a different plan to avoid paying. This plan was the beginning age of phishing.
The First True Phishing Plan
The new plan that the criminals thought up would cause a lot more harm than just using an AOL account without paying. The steps created would allow the criminals (now thieves) to obtain other people’s billing information, which could then be used for anything the thieves wanted. For the thieves, the plan was simple. The best part for the criminals was that it was almost impossible to catch before it was too late. Basically, the steps were these:
• First the thieves would buy pirated AOL software to create a fake AOL account and act as an AOL customer service representative.
• The thief would then send an instant message to another AOL customer claiming that a problem has occurred with the customer’s account.
• The thief would ask the customer for verification (over instant messaging) of identity. Generally, the thief would try to obtain the person’s password. Because phishing was unheard of at this time, it was not usually hard to do.
• After the thief got a hold of the customer’s password, they would be able to log in and access that customer’s account. This would also give them access to the customer’s billing information.
• Once the thief obtained the customer’s billing information, they would be able to use it for whatever they liked.
AOL’s Attempts To Stop Phishing
Once AOL realized what was going on, they began trying to warn their customers of these phishing attempts. They added a small not to the instant messaging system stating that AOL would never ask for passwords or other personal information through instant messaging. However, most people did not see this note until after it was already too late.
AOL then turned to the media for help. The company began informing the public about this problem through website newsletters and regular news posts. This is where the word “phishing” was first used. It was compared to the sport of fishing. Phishing was described as three main events:
1) The thief would hook the bait. This is where the thief would ask for a password acting as an employee of AOL.
2) The thief would catch the victim. This is where he/she would obtain the password from the victim.
3) The thief would finish off the victim. This is where the thief would access the victims billing information and use it.
AOL’s Winning Battle
Despite warning the public through the media, phishing attempts were still taking place. This is where AOL took serious action. AOL spent time designing software to add to their service that would block all pirated AOL software from having any connection with the real AOL customers. Once AOL succeeded in creating this software, almost all instant messaging phishing attempts halted. AOL may have won this war, but the criminals began creating new techniques to phish for a victim’s information. In time, these new techniques would become much harder to control.