How Has Phishing Evolved?
Aug 12, 2021
iCrowdMarketing powered by iCrowdNewswire
Phishing? That sounds a lot like a familiar activity we all know, doesn’t it? We are, of course, referring to fishing. So what are the letters p and h doing there, what does phishing even mean, and more to the point, what does it have to do with cybersecurity? There is a good reason for the spelling, and a bit of history we need to cover before the significance of phishing to everyone who uses the internet becomes clear. Most people in IT and cybersecurity (the defense of the digital domain) know that phishing is a simple internet scam that involves little to no technical sophistication. Yes, phishing is a primitive scam technique, but it still leads to many dangers; in fact, it can lead to devastating results for the victim being phished. The damage caused by such a crude technique is difficult to fathom. We will look at what phishing is, then go through the numerous types of real-world phishing scams out there, and finally cover how to protect yourself against phishing.
The roots of phishing are rather interesting. Back in the age of AOL (America Online) in the mid-1990s, before the dot-com boom, the term appeared when hackers (cybercriminals) were breaking into and stealing AOL accounts. As for why phishing is spelled the way it is, the name stems from an even older form of hacking known as phreaking. Before the mid-90s, when advanced computer systems were not yet widespread, hacking was directed at telephony and telephone systems. Phone phreaking existed as far back as the 1970s. Today, the term phishing is a salute to those older forms of hacking. Also, by the mid-90s, accounts that had been hacked (via AOL, at the time) were referred to as phish. Phish were even treated as a form of currency (AOL phish), traded in return for hacking codes at the height of the infamous underground warez scene, for example. Hackers who phish are called phishers, and even today these simple social engineering scams pull in huge numbers of stolen credentials, accounts, and sensitive information. Literally hundreds of millions of dollars in damage have been caused by phishing scams, and we need to understand that this is almost entirely avoidable.
How Does Phishing Work?
In the early days, during the warez community era mentioned above, scammers wrote programs that generated random credit card numbers in an attempt to open illegitimate AOL accounts. These were hit-and-miss attempts, which were sometimes successful in the primitive early internet. From those accounts they would spam other users with bait, just as one baits a hook when fishing. Once these scams became public knowledge, phishers had to change their attack path, and that meant switching to email scams. In the early 2000s, phishers became quite sophisticated and were registering complete domains that were, in effect, traps. These traps fooled people into thinking that what they were clicking on was real. Today, more than a decade after the inception of email phishing, the same techniques are still being used to prey on naive and unsuspecting internet users. In fact, email phishing is among the most popular attack techniques cybercriminals use to make a quick buck as we speak. Multi-layered phishing campaigns (which attackers can also automate) allow for constant, low-effort harvesting of user data, leaving attackers with a pool of stolen usernames, passwords, and accounts for later use.
Today, in 2021, the difference is that phishing has evolved. It has evolved in several ways; we now have targeted spear phishing and complex social engineering fraud on social media. Scammers rely on the advancement of technology and new products. Their area of expertise is adapting to new platforms and creating new techniques to scam unsuspecting users out of their credentials, sensitive information, or ultimately their hard-earned money. The issue is that, compared to a decade or so ago, people in general overshare everything about themselves online and are not aware of the cybersecurity issues surrounding this. They do not understand that every iota of personal information they put out there can be collected over a long period and pieced together, resulting in a breach of their accounts at some point. Most people do not use privacy settings, virtual private networks, or even good password hygiene when browsing the internet or using social media.
The Several Types of Phishing Scams
There are several types of phishing attack that security researchers have catalogued over the years. All of these techniques have one thing in common: they scam people and take advantage of them. The following are the main phishing techniques in use today:
- Email phishing (deceptive phishing)
- Spear phishing (targeted phishing)
- HTTPS phishing (web security protocol fraud)
- Whaling (CEO fraud)
- Smishing (SMS phishing)
- Vishing (voice phishing)
- Pharming (redirection phishing)
- Pop-up phishing (phishing via web pop-ups)
- Fake Wi-Fi hotspot phishing (phishing via fake hotspots)
- Watering hole phishing (website trapdoor phishing)
To be clear, there is no way to rank phishing attacks from best to worst. All of them are bad and none has a positive outcome for the victim. Phishing attacks account for almost a third of all data breaches in organizations all over the world, and phishing is the largest threat to SMBs (small-to-medium businesses). Phishing schemes do not require a lot of resources from cybercriminals. Most phishing software can be found for free online or, in the worst case, bought for a low price. Furthermore, a phishing attack does not require expert hackers who know how to code in Python, for example. So it is a favorite cybercriminal technique because it is easy to conduct and does not take much time, while the rewards more than make up for the effort.
How to Protect Against Phishing
Protecting devices against phishing attacks is not as difficult as it sounds. Preventing phishing attacks against you personally or your organization (or at the very least slowing them down) means simply following these tips:
- First and foremost, beyond any all-in-one solution, simply be aware of what phishing is and train employees to recognize it
- Use premium antimalware programs that can detect phishing attempts in real time
- Use email filters the right way. This means knowing what spam filters do, as well as using additional email security applications that can detect malicious attachments and strange activity
- Use multi-factor authentication (MFA) across all devices; it stops phishers from making use of stolen usernames and passwords on their own
- Organizations with a public profile should monitor for fake or cloned websites that impersonate them
- Keep all software and hardware updated and patched to the latest security versions
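Two of the tips above, checking links in incoming email and watching for sites that impersonate your own domain, can be partly automated. The following is an added example written for this article, not a tool from the original page: it scans a constructed email body for links and flags hosts that are look-alikes of a trusted domain (typosquats by edit distance, homoglyph substitutions such as 1 for l, and a trusted name planted in the subdomain of an unrelated domain). The trusted domain list, the homoglyph table, and the two-label "registrable domain" shortcut are assumptions for the demo; a production filter would use a public-suffix list.

```python
import re

# Assumption for this demo: the organization's own domains.
TRUSTED = {"paypal.com", "example.com"}

# Characters and digraphs commonly swapped in for look-alike domains.
HOMOGLYPHS = {"0": "o", "1": "l", "3": "e", "5": "s", "rn": "m", "vv": "w"}

# Constructed sample message with one legitimate and three suspicious links.
SAMPLE_EMAIL = """Your account needs attention.
Review it at https://www.paypal.com/settings or confirm at
https://paypa1.com/verify - alternatively https://paypall.com/login
or https://paypal.com.account-check.example/login today."""

def normalize(label: str) -> str:
    """Fold common look-alike characters so 'paypa1' compares equal to 'paypal'."""
    for fake, real in HOMOGLYPHS.items():
        label = label.replace(fake, real)
    return label

def edit_distance(a: str, b: str) -> int:
    """Plain Levenshtein distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host: str) -> str:
    """Last two labels of the host; a stand-in for a public-suffix lookup."""
    return ".".join(host.lower().split(".")[-2:])

def classify_host(host: str) -> str:
    """Verdict for one hostname: trusted, subdomain-decoy, homoglyph, typosquat, unknown."""
    host = host.lower()
    reg = registrable(host)
    if reg in TRUSTED:
        return "trusted"
    # Trusted name used as a subdomain of something else: paypal.com.evil.example
    if any(f"{t}." in host for t in TRUSTED):
        return "subdomain-decoy"
    for t in TRUSTED:
        if normalize(reg) == normalize(t):
            return "homoglyph"
        if edit_distance(reg, t) <= 2:
            return "typosquat"
    return "unknown"

def scan_email(body: str) -> list:
    """Return (host, verdict) pairs for every http(s) link in the message body."""
    hosts = re.findall(r"https?://([A-Za-z0-9.-]+)", body)
    return [(h, classify_host(h)) for h in hosts]
```

Running `scan_email(SAMPLE_EMAIL)` labels the first link trusted and the other three as homoglyph, typosquat, and subdomain-decoy respectively; anything flagged would be quarantined or sent for review rather than delivered untouched.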