How phishing is accomplished

User login on hook

It’s important to protect yourself from phishing scams. But what is a phishing scam? How is phishing accomplished in the first place?

Origins of phishing

The term “phishing” was coined in the late 90s by hackers attempting to steal America Online usernames and passwords. They would send out emails that were the bait, attempting to “catch” a username and password. A common practice in the hacker world was to replace the letter F with PH, thus the term phishing.

An example of phishing

To this day, phishing is often still accomplished through email. You receive an email that looks like it’s from an official service that you actually subscribe to, or a website that you really have an account with.

The email often has some sort of urgent element to it. Maybe it says you have an overdue bill. Maybe your account is about to be deleted. Whatever the case, there’s some sense of urgency.

So you click the link in the email and are then sent to a login web page that looks like it’s legitimate. Then you enter in your username and password, but it doesn’t work.

Maybe you give up at that point and decide to try again later. Or maybe you close your browser, reopen it, type in the website’s address, and suddenly you’re able to log in.

Then later, odd things start happening. Maybe there are unexpected charges on your credit card or unexpected debits on your bank account. Perhaps people tell you they received a message from you online asking for money. Maybe you suddenly have trouble logging into the service yourself.

You’ve been the victim of a phishing attack!

That email you received wasn’t actually from the website or company it claimed to be. And the login screen you saw when you clicked on the email’s link wasn’t legitimate either. Instead, it stored your username and password when you tried to log in. Then someone used that information to actually log into your account.

Avoiding phishing

Be careful what you click on, whether it’s in an email, on social media, or elsewhere online. Before logging in anywhere, always look at the address of the page you’re on to be sure it looks correct.

The best option is to type in the address of the website directly, then click on the “Log In” link on that page to be safe.