Phishing is the act of attempting to acquire information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Communications purporting to be from popular social web sites, auction sites, online payment processors, or IT administrators are commonly used to lure the unsuspecting public. Phishing emails may contain links to websites that are infected with malware.
Phishing is typically carried out by e-mail spoofing (altering the sender address) or instant messaging, and it often directs users to enter details at a fake website whose look and feel are almost identical to the legitimate one. Phishing is an example of social engineering (manipulating people into performing actions or divulging confidential information), and exploits the poor usability of current web security technologies. Attempts to deal with the growing number of reported phishing incidents include legislation, user training, public awareness, and technical security measures.
The first recorded mention of the term ‘phishing’ is found in the hacking tool ‘AOHell’ (released in 1994), which included a function for stealing the passwords of America Online users. A recent and widely reported case of phishing is the suspected Chinese phishing campaign targeting the Gmail accounts of high-ranking officials of the United States and South Korean governments, military personnel, and Chinese political activists. The Chinese government continues to deny accusations of taking part in cyber-attacks from within its borders, but evidence has been revealed that China’s own People’s Liberation Army has assisted in the coding of cyber-attack software. Phishing on AOL was closely associated with the warez community that exchanged pirated software and the hacking scene that perpetrated credit card fraud and other online crimes. After AOL brought in measures in late 1995 to prevent the use of fake, algorithmically generated credit card numbers to open accounts, AOL crackers resorted to phishing for legitimate accounts and exploiting AOL.
A phisher might pose as an AOL staff member and send an instant message to a potential victim, asking them to reveal their password. In order to lure the victim into giving up sensitive information, the message might include imperatives such as ‘verify your account’ or ‘confirm billing information.’ Once the victim had revealed the password, the attacker could access and use the victim’s account for fraudulent purposes or spamming. Phishing became so prevalent on AOL that AOL added a line to all instant messages stating: ‘no one working at AOL will ask for your password or billing information,’ though even this did not stop some people from giving away their passwords and personal information when they read and believed the phisher’s message first. Eventually, AOL’s policy enforcement with respect to phishing and warez became stricter and forced pirated software off AOL servers. AOL simultaneously developed a system to promptly deactivate accounts involved in phishing, often before the victims could respond. The shutting down of the warez scene on AOL caused most phishers to leave the service.
The term ‘phishing’ is said to have been coined by the well-known mid-1990s spammer and hacker Khan C Smith, and its use was quickly adopted by warez groups throughout AOL. AOL enforcement would scan for words used in AOL chat rooms in order to suspend the accounts of individuals involved in pirating software and trading stolen accounts. The term was used because ‘<><’ is the single most common tag in HTML and occurred naturally in all chat transcripts, and as such could not be detected or filtered by AOL staff. The symbol <>< was substituted for any wording that referred to stolen credit cards, accounts, or illegal activity. Since the symbol looked like a fish, and due to the popularity of ‘phreaking’ (hacking phone systems), it was adapted as ‘phishing.’
The capture of AOL account information may have led phishers to misuse credit card information, and to the realization that attacks against online payment systems were feasible. The first known direct attempt against a payment system affected E-gold in June 2001, which was followed up by a ‘post-9/11 id check’ shortly after the September 11 attacks on the World Trade Center. Both were viewed at the time as failures, but can now be seen as early experiments towards more fruitful attacks against mainstream banks. By 2004, phishing was recognized as a fully industrialized part of the economy of crime: specializations emerged on a global scale that provided components for cash, which were assembled into finished attacks.
Phishing attempts directed at specific individuals or companies have been termed ‘spearphishing.’ Attackers may gather personal information about their target to increase their probability of success. Clone phishing is a type of attack whereby a legitimate, previously delivered email containing an attachment or link has had its content and recipient address(es) taken and used to create an almost identical, or cloned, email. The attachment or link within the email is replaced with a malicious version and then sent from an email address spoofed to appear to come from the original sender. It may claim to be a re-send of the original or an updated version of the original. This technique could be used to pivot (indirectly) from a previously infected machine and gain a foothold on another machine, by exploiting the social trust associated with the inferred connection due to both parties receiving the original email. Several recent phishing attacks have been directed specifically at senior executives and other high-profile targets within businesses, and the term ‘whaling’ has been coined for these kinds of attacks.
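The indicators described above (a spoofed sender address, a link whose visible text names one site while it actually points to another, and lure phrases such as ‘verify your account’) can all be checked mechanically in a mail filter. The following script is an added example written for this page, not code from any product mentioned here; the two messages it inspects are constructed for the demonstration and use reserved example domains and addresses.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Lure phrases quoted in the text above (constructed list for this example).
LURE_PHRASES = ("verify your account", "confirm billing information")


def _domain(addr: str) -> str:
    """Lower-cased domain part of an e-mail address header value, or '' if none."""
    _, email_addr = parseaddr(addr)
    return email_addr.rpartition("@")[2].lower()


def _host(url: str) -> str:
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlparse(url).hostname or "").lower()


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def analyze_message(raw: str) -> list:
    """Return human-readable indicators found in one single-part RFC 5322 message.

    Checks performed:
      * From domain differs from Return-Path domain (sender spoofing)
      * anchor text that names a host other than the one its href points to
      * presence of known lure phrases in the body
    """
    msg = message_from_string(raw)
    findings = []

    from_dom = _domain(msg.get("From", ""))
    return_dom = _domain(msg.get("Return-Path", ""))
    if from_dom and return_dom and from_dom != return_dom:
        findings.append(
            f"From domain {from_dom!r} differs from Return-Path domain {return_dom!r}"
        )

    # Single-part text body is enough for the example; real filters walk all parts.
    body = msg.get_payload() if not msg.is_multipart() else ""

    collector = _LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        href_host = _host(href)
        # Only compare when the visible text itself looks like a host name or URL.
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown and href_host and shown.group(1) != href_host:
            findings.append(f"link text {text!r} actually points to {href_host!r}")

    lowered = body.lower()
    for phrase in LURE_PHRASES:
        if phrase in lowered:
            findings.append(f"lure phrase {phrase!r}")
    return findings


# Constructed sample: spoofed sender, look-alike link, and a lure phrase.
SUSPICIOUS_MESSAGE = """\
Return-Path: <bounce@mailer.example.net>
From: "Example Bank Support" <support@example-bank.com>
To: customer@example.org
Subject: Action required
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://login.example-bank.invalid/verify">verify your account</a>
by visiting <a href="http://203.0.113.5/">www.example-bank.com</a>.</p>
</body></html>
"""

# Constructed sample: consistent sender and an honest link.
BENIGN_MESSAGE = """\
Return-Path: <newsletter@example.org>
From: "Example Newsletter" <newsletter@example.org>
To: reader@example.net
Subject: Monthly update
Content-Type: text/html; charset="utf-8"

<html><body><p>Read the <a href="https://www.example.org/news">latest issue</a>.</p></body></html>
"""

if __name__ == "__main__":
    for name, raw in (("suspicious", SUSPICIOUS_MESSAGE), ("benign", BENIGN_MESSAGE)):
        print(name, analyze_message(raw))
```

The Return-Path comparison is deliberately a weak signal on its own (legitimate bulk senders often use a separate bounce domain), so in practice it would be weighted together with SPF/DKIM results rather than used alone; the link-text check and lure-phrase match are the parts that map directly to the fake-website lure described in the text.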