
The history of phishing: Everything you need to know

The history of phishing shows how online threats continue to evolve. In the beginning, phishing tactics were simple and relatively easy to recognize, but today, both scammers and their methods are much more sophisticated. As technology improves, it’s becoming much harder to tell phishing and legitimate communication apart. In this article, you’ll learn about phishing history, including its origins, the meaning behind the term, its evolution, its current forms, and how to avoid falling victim to it.

Apr 7, 2025


Why is phishing called phishing?

So why is it called phishing? Phishing is called that because, like fishermen who use bait to catch fish, hackers use deceptive tactics — such as fake emails or websites — to lure victims and steal their sensitive information.

The “ph” in phishing comes from “phreaking,” which was the term used for hacking phone systems. The hackers who started using these tactics were called phreaks, so they gave their new technique a name that stuck.

The origin of phishing

The origin of phishing dates back to the early days of the internet, when America Online (AOL) became a major target. AOL provided internet access, email, instant messaging, and a range of content services, which made it a go-to platform for millions of users at the time.

With such a large user base, hackers started using phishing to deceive people and steal personal data. What started as a simple scam eventually grew into one of the most common cybersecurity threats on the web today.

When did phishing first appear?

Phishing first appeared in the 1990s when hackers started using AOL to steal credit card information and commit other online crimes (more on that later). The term “phishing” was also first used around this time. It’s believed to have been coined by Khan C., an early hacker involved in the hacking community, to describe the technique of "fishing" for victims in a sea of online users.

The history of phishing attacks: How they evolved

Phishing attacks have changed dramatically since their early days in the mid-1990s. Let’s take a look at phishing’s background and how it has evolved over time.

AOL phishing attack (mid-1990s)

In the mid-1990s, many people were still using dial-up internet, and AOL was one of the most popular ways to get online. Some users wanted to avoid paying for internet access, so they figured out how to change their screen names to make it seem like they were AOL employees.

Using these fake names, they tricked others into revealing their login credentials. This deception allowed scammers to access the internet for free and send spam from other people’s AOL accounts. 

This tactic marked the beginning of phishing, where hackers used deceptive methods to steal personal information. The AOL phishing email attacks were some of the first to employ this type of social engineering, laying the groundwork for future online scams.

The love bug (2000)

A major turning point for phishing came in May 2000 with the "love bug" virus. This particular attack, which started in the Philippines, quickly spread worldwide. The phishing email had the subject line "ILOVEYOU" and a simple message: "Kindly check the attached LOVELETTER coming from me."

When people opened the attachment, they unknowingly unleashed a trojan that damaged their computers, erased image files, and sent itself to everyone in their address book. This attack showed how hackers could use social engineering to spread malware, and highlighted the dangers of opening suspicious email attachments.

Phishing targets financial systems (2001)

In 2001, phishers began to target online payment systems. One of the first major targets was E-Gold, a digital currency site. While the attack wasn’t very successful, this event opened the door for future phishing campaigns aimed at stealing money.

By 2003, phishers started registering fake domains that looked almost identical to real websites like eBay and PayPal. They sent fake emails, tricking users into clicking on links that led to malicious websites. Once there, users were asked to enter their sensitive information, such as credit card numbers. This new focus on stealing financial details made phishing even more dangerous.

The rise of pop-ups and banking attacks (2004)

By 2004, phishing attacks had grown more advanced. Cybercriminals targeted banking customers with fake pop-up windows asking for sensitive data. This new tactic led to massive losses: between May 2004 and May 2005, approximately 1.2 million computer users in the US lost around $929 million.

Phishing has since become a serious threat to both individuals and businesses. This shift marked the evolution of phishing into a more organized form of cybercrime, with new tactics like business email compromise (BEC) beginning to take root.

Around this time, pharming techniques also started gaining traction. Pharming is when attackers redirect users to fraudulent websites without their knowledge to steal their information.

Phishing becomes organized (2008)

In 2008, phishing attacks became even more sophisticated. Cybercriminals started using specialized software to carry out phishing campaigns, which allowed them to scale these attacks globally. With the rise of Bitcoin and other cryptocurrencies, phishing attacks became more secure for the attackers and harder to trace.

Cybercriminals now had a way to handle phishing payments without revealing their identities, which made it easier to profit from these scams. As a result, it became much harder to track and stop phishing attacks. Around the same time, vishing (voice phishing) also began to emerge, as attackers started using phone calls to trick people into providing confidential information.

Phishing attacks target social media platforms (2010)

In 2010, social media platforms like Facebook and Twitter became common targets for phishing attacks. Scammers used fake profiles, malicious links, and fake login pages to steal personal information and login credentials.

These attacks grew because social media sites hold a wealth of personal data, making them valuable targets. Users became more vulnerable to phishing through the growing number of friend requests, messages, and posts that led to spoofed sites designed to harvest login details.

Phishing via mobile devices (2012)

As the use of mobile devices became more widespread, phishing attacks shifted towards smartphones. Scammers started using SMS and mobile apps to send fake links to users, tricking them into revealing sensitive data. This type of phishing is known as "smishing" (SMS phishing).

Smishing was particularly effective because mobile users often had less security awareness and trusted text messages more than emails. This shift made mobile phishing an increasing threat as mobile payments and app-based services became more popular.

Spear phishing and targeted attacks (2014)

In 2014, spear phishing — targeted phishing attacks — became more common. Instead of sending generic phishing emails, attackers researched their targets and customized emails to appear more legitimate.

This personalization made it much harder for potential victims to spot the attack. Spear phishing attacks were particularly dangerous for businesses because they often targeted high-level executives or employees with access to sensitive information.

Phishing attacks on cloud services (2016)

The increasing use of cloud services like Google Drive, Dropbox, and Office 365 made these platforms attractive targets for cybercriminals. Attackers started sending emails that appeared to be from cloud service providers, asking users to verify or reset their login credentials.

These attacks grew as businesses and individuals relied more on cloud storage for sensitive information. This shift in behavior led to a change in phishing tactics, with a focus on the increasing number of cloud-based services.

Phishing continues to thrive amid Covid-19 (2020)

The Covid-19 pandemic provided a perfect storm for phishing attacks. As millions of people worked remotely and relied more on email and online communication, phishing campaigns increased.

Attackers took advantage of the fear and uncertainty surrounding the pandemic by sending fake emails about Covid-19 vaccines, financial aid, and remote work tools. This surge in phishing attacks during a global crisis showed how cybercriminals use current events to target vulnerable users.

Phishing evolves with AI and machine learning (2021–present)

Since around 2021, phishing attacks have greatly evolved with the help of artificial intelligence (AI) and machine learning. Cybercriminals have used these technologies to create more personalized and convincing phishing messages.

Scammers started using AI algorithms to analyze social media profiles, emails, and other online data to tailor phishing attacks specifically to their targets. The use of AI made the phishing emails look more authentic and harder for people to identify as scams.

Machine learning also allowed attackers to automate phishing campaigns on a much larger scale. This technological shift made phishing not only more sophisticated but also harder for traditional spam filters and security systems to detect.

Phishing today: Current phishing threats

Phishing remains one of the most common online threats today. While the tactics have evolved, some classic phishing methods are still effective. Here are the most prominent current types of phishing attacks, many of which have been around for years but continue to adapt and impact users worldwide.

Business email compromise (BEC)

Business email compromise (BEC) is a scam where attackers impersonate an executive or trusted partner within a business to trick employees into wiring money or revealing sensitive data. Cybercriminals use social engineering to create convincing emails that look like they come from legitimate sources, making it difficult for employees to spot the scam.

An example of a business email compromise (BEC) phishing attack, in which a scammer impersonates CyberCare’s CEO to trick the recipient into revealing sensitive information.

Spear phishing

Spear phishing is a highly targeted form of phishing, in which attackers customize emails to specific individuals or organizations. Instead of sending generic phishing emails, attackers gather information about their target to craft messages that appear more authentic.

Sometimes, it can be hard to distinguish between spear phishing and BEC because both are highly targeted attacks. However, while spear phishing typically focuses on stealing sensitive data or installing malware, BEC attacks are specifically aimed at businesses with the goal of tricking employees into transferring funds or authorizing financial transactions.

An example of a spear phishing email that targets students by exploiting a sensitive topic — their finances.

Vishing (voice phishing)

Vishing uses phone calls in which scammers impersonate legitimate organizations, such as banks or government agencies, to steal victims’ information. Scammers may spoof caller ID to make it appear that they are calling from a trusted number, which makes the scam harder to detect.

Consider a situation where you receive a phone call from someone claiming to be from your bank, notifying you of suspicious activity on your account. The caller asks you to verify your account number and PIN to “secure” the account. Trusting the caller to be who they claim, you unknowingly provide your personal details, which the scammer then uses to access your account.

Credential harvesting through fake login pages

Credential harvesting involves creating fake login pages for well-known platforms, such as banks, social media sites, and online stores. These fake pages are often hard to distinguish from the real ones, which makes credential harvesting a particularly dangerous form of phishing.

An example of a credential harvesting attack through a fake PayPal login page.

Deepfake phishing

Deepfake phishing uses artificial intelligence to create realistic, manipulated audio or video messages. Attackers use deepfake technology to impersonate trusted individuals — such as company executives or family members — to deceive victims into transferring money or providing sensitive information.

Picture a scenario in which an employee responsible for finances receives a phone call from someone claiming to be the CEO. Thanks to deepfake technology, the voice sounds exactly like the CEO’s. The caller urgently requests a transfer of funds, and, trusting the voice, the employee complies, unknowingly transferring the money to a fraudulent account.

Smishing

Smishing, or SMS phishing, uses text messages to deceive victims into clicking malicious links or revealing sensitive information. Scammers often create a sense of urgency to pressure users into acting quickly, which makes them more likely to fall for the scam.

An example of a smishing attack, in which a scammer impersonates an Apple Pay representative to deceive a victim into clicking a malicious link.

Clone phishing

Clone phishing is a form of phishing where an attacker uses a legitimate email the victim has received before and replaces the original link with a malicious one. Since the email looks familiar, the victim is more likely to trust it and click the link.

Imagine receiving an email that looks identical to one you received previously from an online retailer, with a link to "track your order." This time, however, the scammer has replaced the legitimate link with one that leads to a fake website and captures your payment details when entered.

Phishing through social media and messaging apps

Phishing through social media and messaging apps has become more prevalent as scammers increasingly target users on platforms like Facebook, Instagram, and WhatsApp. In these attacks, scammers often impersonate brands, celebrities, friends, or customer service representatives.

An example of a phishing attack on Instagram, in which a scammer impersonates Meta support to trick the user into clicking a malicious link.

Angler phishing

Scammers behind angler phishing attacks target social media users by pretending to be customer service representatives for popular brands. Scammers respond to users’ complaints or questions and direct them to fake support pages, which often lead to phishing sites that capture login credentials or install malware.

Imagine you tweet a complaint to a popular online retailer about a delayed order. Within minutes, you receive a reply from what looks like the official customer service account offering help. The reply includes a link to resolve the issue, but it redirects to a fake website designed to steal personal information.

How to protect yourself from phishing

Phishing emails can look real, but don’t let scammers trick you. Stay alert and follow simple steps to protect your personal and financial information. Keep reading to learn how to prevent phishing attacks.

  • Watch for signs of a phishing email. Scammers often disguise their messages as urgent requests from banks, delivery services, or tech support, so treat unexpected emails from these services with caution. Also, if an email urges you to act fast, stop and think — reputable companies don’t rush you into making decisions.
  • Verify with the source. If an email asks for sensitive information or makes an unusual request, don’t reply or use any phone numbers or links it provides. Instead, contact the company directly through its official website or customer support number.
  • Use security software. Install reliable antivirus and an anti-phishing solution to block phishing emails before they reach your inbox. NordVPN’s Threat Protection Pro™ feature includes a malicious website blocker that automatically scans URLs while you’re browsing and blocks phishing sites before they can cause harm.
  • Enable two-factor authentication (2FA). 2FA adds an extra layer of security by requiring an additional authentication step, like a one-time code sent to your phone, before you can log in. Even if a hacker gets your password, they won’t be able to access your account without this second factor.
  • Use a VPN. A VPN encrypts your internet connection, keeping your data more secure, especially on public Wi-Fi. However, a VPN alone won’t protect you from phishing. If you use NordVPN with a plan beyond the basic one, you also gain access to Threat Protection Pro™, which blocks phishing, malware, trackers, and ads.
  • Avoid clicking on links or downloading suspicious attachments. Phishing emails often contain links that lead to fake websites or malicious attachments. If you weren’t expecting an email with a link or file, don’t click it. Hover over links to check the real URL, and only download attachments from trusted sources.
  • Report suspicious messages. If you receive a phishing email, report it. Most email providers have a “Report phishing” option to help filter out phishing scams. You can also report phishing attempts to your bank, workplace, or government agencies that track online fraud.


Violeta Lyskoit

Violeta is a copywriter who is keen on showing readers how to navigate the web safely, making sure their digital footprint stays private.