Home > P > phishing
« philanthropreneur    phone-bin »
phishing
(FISH.ing) pp. Creating a replica of an existing Web page to fool a user into submitting personal, financial, or password data. —adj.
phish v. —phisher n.

Example Citations:
Phishing is the term coined by hackers who imitate legitimate companies in e-mails to entice people to share passwords or credit-card numbers. Recent victims include Charlotte's Bank of America, Best Buy and eBay, where people were directed to Web pages that looked nearly identical to the companies' sites.

The term had its coming out this week when the FBI called phishing the "hottest, and most troubling, new scam on the Internet." The name appears to have no connection to the band Phish, an FBI spokesman said.
—Andrew Shain, "Phishing to steal your information," Charlotte Observer, July 25, 2003

Tips on how to avoid the Internet scam known as phishing.

  • If you receive an unexpected e-mail saying your account will be shut down unless you confirm your billing information, do not reply or click any links in the e-mail body.

  • Before submitting financial information through a Web site, look for the "lock" icon on the browser's status bar. It means your information is secure during transmission.

  • If you are uncertain about the information, contact the company through an address or telephone number you know to be genuine.

  • If you unknowingly supplied personal or financial information, contact your bank and credit card company immediately.

  • Suspicious e-mail can be forwarded to uce@ftc.gov, and complaints should be filed with the state attorney general's office or through the FTC at www.ftc.gov.
—Kevin Pang, "'Phishers' widen their catch of Web identity victims," Chicago Tribune, July 29, 2003

Earliest Citation:
It used to be that you could make a fake account on AOL so long as you had a credit card generator. However, AOL became smart. Now they verify every card with a bank after it is typed in. Does anyone know of a way to get an account other than phishing?
—mk590, "AOL for free?," alt.2600, January 28, 1996

Earliest Media Citation:

'Brrrrring!' The musical tone of an instant message on America Online sounded through my PC's speakers.

The message box popped up. The sender was somebody called 'VLA Carol.'

'Hi,' the message said. 'I am with the Virtual Leader Academy (VLA). Recently one of our OverHead contacts has discovered an error in the stratus system and the information is unrecoverable. Due to this fact, we will need you to reply with your current logon password so that we may update our files and make the needed changes. Thank you for your cooperation.' OverHead contacts? Stratus system? Yeah, right.

While this particular scam was pretty transparent, it was the second such solicitation I've received on AOL in as many months. ...

The scam is called 'phishing' — as in fishing for your password, but spelled differently — said Tatiana Gau, vice president of integrity assurance for the online service.
—Ed Stansel, "Don't get caught by online 'phishers' angling for account information," Florida Times-Union, March 16, 1997

Notes:
The term phishing comes from the fact that Internet scammers are using increasingly sophisticated lures as they "fish" for users' financial information and password data. The most common ploy is to copy the Web page code from a major site — such as AOL — and use that code to set up a replica page that appears to be part of the company's site. (This is why phishing is also called brand spoofing.) A fake e-mail is sent out with a link to this page, which solicits the user's credit card data or password. When the form is submitted, it sends the data to the scammer while leaving the user on the company's site so they don't suspect a thing.

Hackers have an endearing tendency to change the letter "f" to "ph," and phishing is but one example. The f-to-ph transformation is not new among hackers, either. It first appeared in the late 1960s among telephone system hackers, who called themselves phone phreaks. Here's the earliest citation of the word phreak:

He decides to check out London first. He chooses a certain pay phone located in Waterloo Station. This particular pay phone is popular with the phone-phreaks network because there are usually people walking by at all hours who will pick it up and talk for a while. ...

Fraser begins to phreak around, as the phone phreaks say.
—Ron Rosenbaum, "Secrets of the Little Blue Box," Esquire, October 1, 1971

Related Words:
419 scam
cracker
cramming
crime-as-a-service
crimeware
dark-side hacker
dot con artist
empty spam
fat finger dialing
grandparent scam
identity theft
passthought
password trap
phone phishing
pretexting
puddle phishing
scam baiting
scam card
slamming
smishing
spear-phishing
targeted Trojan horse
vishing

Categories:
E-mail
Hacking and Hackers
Internet
Privacy and Security
Crime

Posted on August 1, 2003