MUNDANE MYSTERIES: What Is “Phishing”?

We’ve all known people or businesses that have fallen prey to “phishing” attacks. But what is a “phishing” scam? And why is it called that?

Back when the word originated, “phishing” attacks were specific to one single spot: AOL. In 1994, a group of enterprising hackers from across the country started impersonating AOL representatives in private chats, scamming unsuspecting AOL users into surrendering their login credentials & credit card info. The hackers were mainly just interested in stealing the data so they could use AOL through other people’s accounts, rather than having to pay for their own. One of the hackers nicknamed the process of baiting a person into turning over their personal details “fishing.”

By January 1995, the hackers had created “AOHell,” a software program that automated the process so that anyone (even non-hackers) could use boilerplate messages & options to “fish” for passwords or credit card numbers. It was in AOHell where “fish” was changed “phish”. Some people believe it was inspired by the phrase “phone phreak”, a term coined in the 70s for people who hacked phone lines to make free calls.

Phishing wasn’t AOHell’s only selling point. You could also, for example, “mail bomb” someone’s inbox with hundreds of spam emails; use the “Punt” button to log an AOL user out of their account; click “Ghost” to erase all comments except for yours; or send “a graphically obscene gesture” to everyone in a chat room.

But this group of hackers’ stint as the internet’s most powerful agenst of chaos didn’t last forever, nor did AOL’s reign as the online service provider of choice. But the concept of phishing continued to grow & mutate, as did the term “phishing”, which grew right along with it.

Got a Mundane Mystery you’d like solved, send me a message via Twitter (@AndyWebbRadio), or shoot me an email at andy@wfre.com.