BE-Hacktive

Phishing - Origins


Last updated 5 months ago

Etymology

Phishing scams use spoofed e-mails and websites as bait to lure people into voluntarily disclosing sensitive information. The term phishing is a contraction of the English words “fishing” and “phreaking”, the latter meaning the exploration, experimentation and study of telecommunication systems.

Phishing on America Online

In the 1990s, AOL, formerly known as America Online, was one of the world's leading Internet service providers, with over a million customers subscribing to its service. AOL's massive popularity attracted the attention of hackers. People trading in pirated and illegal software and tools used AOL for their communications.

Phishers first carried out attacks by stealing users' passwords and using algorithms to create random credit card numbers. Although the chance of success was low, they did hit the jackpot quite often and caused a great deal of damage. The random credit card numbers were used to open AOL accounts, which were then used to spam other users and for a host of other scams.

Spam (verb): Anglicism. To send unsolicited mass e-mail messages to people for advertising or commercial purposes. (Definition from “Le Robert”)

AOL put an end to this practice in 1995, when the company introduced security measures to prevent the use of randomly generated credit card numbers.

New technique against AOL

After AOL put an end to their credit card scheme, the phishers created what would become a very common and long-lasting set of techniques. Using AOL's instant messaging and e-mail systems, they sent messages to users while pretending to be AOL employees.

These messages asked users to verify their account or confirm their billing information. More often than not, people fell for it; after all, nothing like this had ever been done before. The problem intensified when phishers created AIM (AOL Instant Messenger) accounts via the Internet; these accounts could not be “punished” under AOL's terms of service.

AOL Instant Messenger (AIM): A computerized instant messaging and presence program created by AOL, enabling registered users to communicate in real time.

Finally, AOL was forced to include warnings on its e-mail and instant messaging clients to prevent people from providing sensitive information via this channel.

Figure: America Online provider logo

Figure: Instant message on AIM, in one of the latest versions available