It is pronounced ‘fishing’ and that is basically what it means. It is a process where attackers deceitfully coerce or fish out the passwords and financial information from unsuspecting victims.
It is one of the oldest types of cyberattacks, yet it remains one of the most widespread ones as the techniques get increasingly sophisticated.
Aѕ fаr bасk аѕ 2005, аbоut 1.2 milliоn соmрutеrѕ in thе US ѕuffеrеd losses оf аbоut US$929 milliоn duе tо рhiѕhing whilе in thе UK, 1 in 20 computer uѕеrѕ сlаimеd tо lоѕе, to phishing, аbоut £23.2 million.
According to phishing.org, “By the beginning of 2004, phishers were riding a huge wave of success that included attacks on banking sites and their customers. Popup windows were used to acquire sensitive information from victims.
Since that time, many other sophisticated methods have been developed. They all boil down to the same basic concept, though, and it is safe to say that this concept has proved to be quite effective.”
History shows that a phishing technique was described in detail in a paper and presentation delivered to the 1987 international HP Users Group, Interex, but it won’t be until the 1990s, mid-90s to be precise, that the term ‘phishing’ was coined by a well-known hacker and scammer known as Khan C. Smith.
The first mention was found in the hacking tool with a function for attempting to steal the passwords and/or financial details of America Online (AOL) users. This tool was called AOHell.
AOHell was released in 1995 and its mode of operation allowed the attacker to pose as an AOL staff and send a message to a potential victim, luring him to give out sensitive information.
Phishing attacks are usually carried out with fake emails and websites and the victims usually fall prey because they trust these emails and websites.
Culled from CSO, below are some precautions which you can take to avoid getting ‘phished’.
Always check the spelling of the URLs in email links before you click or enter sensitive information
Watch out for URL redirects, where you’re subtly sent to a different website with identical design
If you receive an email from a source you know but it seems suspicious, contact that source with a new email, rather than just hitting reply
Don’t post personal data, like your birthday, vacation plans, or your address or phone number, publicly on social media.