Happy Birthday Phishers (2006)
First Published: X-Force Monthly Magazine

2006 marks the 10th anniversary of the first public acknowledgement of a Phishing attack.  Way back in 1996 the objective of a Phisher was to obtain AOL authentication credentials and higher download quotas, but it wasn’t until March 1997 that the term “phishing” was publicly coined in a popular computing magazine.  A lot of things have changed since then.

In the last 10 years we have seen Phishers utilize email spam engines, IRC or IM channels, web banner advertising and even bulletin boards in an attempt to drive potential victims to fake or malicious websites.  What began as an annoying “geek” theft of login credentials has now developed into a highly organized international business – complete with specialist tools, money laundering, international bank transfers, credit card manufacturing and identity theft.

In 2001, as organizations were being swamped with email, the phishers focused upon slipping their faked messages past anti-spam filters and using obfuscated URLs embedded within HTML emails to fool recipients into visiting fake websites, where their banking credentials were captured.  For a couple of years the emails became more and more sophisticated – using ever more devious technical tricks to fool recipients.  Success figures as high as 5% were often quoted – meaning that 1 in 20 of all phishing emails sent fooled the recipient into following an embedded link and submitting their authentication details.

While it’s only been a couple of years since phishing attacks made front-page news, there have been considerable advances in the sophistication of the vectors used by the phishers.  Manipulation of DNS records – such as changing IP address resolution information for popular web sites to hosts that the phisher controls at an ISP-level – has led to the new term “Pharming” and regional targeting of victims.  Focused phishing attacks – utilizing custom Trojans, keyloggers and restricted distribution lists (e.g. email recipients are all known to be customers of a particular organization or belong to a small regional ISP) – have made it almost impossible for legacy signature-based systems to provide preemptive protection and coined the new phrase “Spear Phishing”.

Now, 10 years on from the first acknowledgement of phishing, the expectation is that attacks will continue to evolve and make use of each new popular electronic communication protocol to socially engineer message recipients into parting with their identity and authentication details.

X-Force researchers continue to monitor the Phishers and their techniques. Based upon past adoption tactics, the increasing global use of VoIP in both commercial and domestic environments likely means that Phishers will take full advantage of the communication channel along with the anonymity it can provide.  It will be interesting to see what this vector gets called by the media – since all the previous vectors begin with a “ph”, are we looking at “Phiting” (Phishing over IP Telephony), “Phreaking”, or something else entirely?

    Copyright 2001-2007 © Gunter Ollmann