Information

The history of phishing is believed to have started sometime in the 1990s. Back then, the only internet option was dial-up, which cost money. Although there was a 30-day free trial option, some people still didn't want to pay. So they came up with a method to change their screen names to appear as administrators, tricking others into sharing their login information. This is one of the earliest forms of phishing and what is believed to be the start of phishing's long history.

On May 4, 2000, the scammers stepped up their game with a new revolutionary tactic. They unleashed a wave of letters around the globe to mailboxes with the title "ILOVEYOU". The message was simple yet effective. People around the globe opened what seemed to be a simple text file, curious to see who their crush was, only to receive a worm that copied the victims outlook address book and sent it to the scammer. However, since the virus originated in the Far East, it was identified early Thursday morning, May 4th. By 8:30, major news services had fairly accurate details of the attack. Throughout the day, several precautions were taken to prevent the virus from spreading, and by the next morning, most e-mail systems were open and ready to use again.

The damage done by this bug was estimated to have cost $5 billion to $15 billion worldwide. With such severe damage, it served as a lesson on how effective and dangerous phishing scams could truly become.

For simplicity, I will break down the process into 4 stages. The first stage of the phishing process is planning. In this article, you will learn that there are many different methods to trick an individual into sharing their credentials. They have to decide whether to target a single person, a group, or an entire company. Once the hacker decides whom or how many they plan to target, they must decide how they will trick you into clicking the link. We will call this stage delivery. Say the hacker plans to target a large group of people. Sending personalized DMs for social media phishing is not a reasonable way to target large groups of people.

However, an attack using the Deceptive Phishing method allows the attacker to target large groups of people. Next, the hacker has to decide on what he wants from the victim. Depending on the choice the hacker makes, he can infect your DNS so that even if you type the correct website, you will be sent to a clone, he can mask a link and send it to an individual to share their info, or even just outright trick you into sharing your information through psychological manipulation. As for the last step, the hacker just needs to execute their attack. When they get the information, they can choose to do a number of things with it, such as ransom you, steal money from you, or just sell it on dark web markets. The hacker has plenty of options.