washingtonpost.com  > Technology > Tech Policy

Quick Quotes

A Brief History of Phishing

Thursday, November 18, 2004; 6:36 AM

Before mid-2003, most phishing scams arrived in text-heavy e-mails. They were rife with spelling errors and poor grammar that tipped recipients off. But phishers are honing their writing and design skills, creating messages that are more difficult to discern as forgeries. Here is a brief timeline of the development of phishing:

September 2003:

_____Related Coverage_____
Catch the Phish: Take the Quiz
Companies Forced to Fight Phishing (washingtonpost.com, Nov 19, 2004)
Phishing Feeds Internet Black Markets (washingtonpost.com, Nov 18, 2004)
Phishing Schemes Scar Victims (washingtonpost.com, Nov 18, 2004)
How to Fend off Phishing (washingtonpost.com, Nov 18, 2004)
Complete Cybercrime Coverage
_____Live Discussion_____
Today, 11 a.m. ET: Brian Krebs hosts Dave Jevans, chairman of the Anti-Phishing Working Group.
Ask Questions NOW
___Tech Policy/Security E-letter___
Written by washingtonpost.com's tech policy team, the e-mail version of this weekly feature includes an original news article and links to policy and cyber-security stories from the previous week.
Click Here for Free Sign-up
Read E-letter Archive


_____Message Boards_____
Post Your Comments

• E-mail fraudsters register dozens of lookalike domain names, such as yahoo-billing.com and ebay-fulfillment.com. They also create Web sites that contain the names of well-known companies and brands like microsoft.checkinfo.com.

October 2003:

• Phishers embed Web site designs into their e-mails, complete with stolen logos from the targeted company and return addresses that are "spoofed" or faked so that they appear to come from the company.

• Virus writers release "Mimail" e-mail worms targeting customers of the online payment service PayPal, an eBay subsidiary. The recipients are asked to update their credit card information via a Web page that closely mimics the design of PayPal's member services page. Later versions demand a Social Security number, date of birth and mother's maiden name -- three pieces of data that financial companies rely on most to verify their customers' identities.

December 2003:

• New attacks include a link to a legitimate banking Web site in the background, but a fake "login" box placed in front of the real site. Experts say this method is particularly convincing because the legitimate site and the pop-up appear to be from the same source.

• Reports of e-mail fraud and phishing attacks surge more than 400 percent over the holidays, according to the Anti-Phishing Working Group.

January 2004:


CONTINUED    1 2    Next >

© 2004 TechNews.com