Early Phishing

TL;DR

This paper traces the origins and evolution of phishing from the 1990s, highlighting the development of early automated tools like AOHell and their impact on cybersecurity threats over time.

Contribution

It provides a historical overview of phishing, emphasizing the significance of early automated tools and their role in shaping modern cyber threats.

Findings

AOHell was the first automated phishing tool.

Phishing evolved from amateur to professional criminal activity.

Phishing became a major cybersecurity threat.

Abstract

The history of phishing traces back in important ways to the mid-1990s when hacking software facilitated the mass targeting of people in password stealing scams on America Online (AOL). The first of these software programs was mine, called AOHell, and it was where the word phishing was coined. The software provided an automated password and credit card-stealing mechanism starting in January 1995. Though the practice of tricking users in order to steal passwords or information possibly goes back to the earliest days of computer networking, AOHell's phishing system was the first automated tool made publicly available for this purpose. The program influenced the creation of many other automated phishing systems that were made over a number of years. These tools were available to amateurs who used them to engage in a countless number of phishing attacks. By the later part of the decade, the activity moved from AOL to other networks and eventually grew to involve professional criminals on the internet. What began as a scheme by rebellious teenagers to steal passwords evolved into one of the top computer security threats affecting people, corporations, and governments.