Early Phishing

Abstract

The history of phishing traces back in important ways to the mid-1990s when hacking software facilitated the mass targeting of people in password stealing scams on America Online (AOL). The first of these software programs was mine, called AOHell, and it was where the word phishing was coined. The software provided an automated password and credit card-stealing mechanism starting in January 1995. Though the practice of tricking users in order to steal passwords or information possibly goes back to the earliest days of computer networking, AOHell's phishing system was the first automated tool made publicly available for this purpose. The program influenced the creation of many other automated phishing systems that were made over a number of years. These tools were available to amateurs who used them to engage in a countless number of phishing attacks. By the later part of the decade, the activity moved from AOL to other networks and eventually grew to involve professional criminals on the internet. What began as a scheme by rebellious teenagers to steal passwords evolved into one of the top computer security threats affecting people, corporations, and governments.