The Phishing Landscape

Phishing is a fraudulent means by which various cyber criminals use to access their victims private information (names, usernames, passwords, emails bank details etc.) This information is then used against the reputation of these victims or for the criminal’s individual enrichment. Most phishing scams are sent through emails, forged links and website pop-ups. Phishing begun as a silent attack that not so many internet users were aware of. After a while the phishing landscape was brought to light. Various whistle blowers who had either fallen victims to phishing or had one way or the other interacted with the alleged criminals spoke out concerning this emerging trend which had become a cyber-crime. 

When did it all start?

In the early 1990s when internet activities had just begun and were yet to become popular, the term phishing was unknown. It was during the year 1996 that some hackers coined it. Phishing described their then activity of stealing American online user accounts together with their passwords. In early 2000s, phishing was at its peak and officially categorized as a cyber-crime. Many victims were from developed regions of America and Europe. This cyber-crime was so immense to the sense that various murders and rape cases were traced to it. Due to these severe consequences on the affected societies, local and international authorities started an active awareness campaign against phishing criminals. Since the year 2000 to date phishing scams have evolved immensely thus creating the need for internet users to be more alert and keen on their device security as well as information sharing. 

Who are the phishing target victims?

Phishing can operate on a large scale scope as well as small scale scope. The large scale scope targets are company executives, CFOs, CEOs and board directors. Small scale scope targets individuals who may be actively sharing their personal information across the internet through emails or online account set-ups. Mentioned below are 6 common ways by which cyber criminals use to target their victims through phishing. 

  1. Deceptive phishing which is the most common type. Here, phishers use the impersonation of a legitimate organization or company to collect personal and sensitive information from their victims.
  2. Spear phishing is target phishing common on social media sites and email platforms. Most of the cyber criminals here are often recognizable since they employ the use of personalized info. 
  3. Vishing entails the use of voice over internet protocol to target victims by placing a voice call and in the event steal information from them. 
  4. Smishing whereby fraudsters embark on an active message campaign especially on social media platforms and applications. These messages often have an unknown link that maliciously hands over your personal information once you click on it. 
  5. Pharming which is an advanced phishing method that neither uses emails, links nor messages. Here, the DNS is targeted, poisoned and its IP address changed. 
  6. CEO Fraud or whaling in this scenario, fraudsters target high level executives, usurp their information and use it to access company data and finances. 

To what extent has phishing evolved?

It all started with the successful AOL phishing attack of 1994-1995. After this, a renowned hacker created the AOHell windows application which came with a phishing toolkit. Having such a leveraging background, phishing activities escalated and the world became an active playground for phishing scams. In the advent of the year 2000, penny stock scams were launched and led to the all famous penny stock scam of India which occurred in 2006. In penny stock scams, fraudsters pose as banking officials or officials from insurance and credit companies. These scammers make many deceptive promises to their victims who in turn give them their sensitive information such as bank accounts and passwords. In around 2007 to 2019 a wave of Nigerian fraudsters together with others from western African countries such as Cameroon emerged online.  These phishers send out emails and messages purporting their unstable political backgrounds. In these messages/emails the phishers ask for financial help through funds transfer to a provided bank account. Once a victim makes a contribution, they use the details to access his account and manipulate further fund transfers.