The word "phishing" comes from the analogy that Internet scammers
are using email lures to "fish" for passwords and financial data
from the sea of Internet users. The term was coined in the 1996
timeframe by hackers who were stealing America On-Line accounts
by scamming passwords from unsuspecting AOL users. The first
mention on the Internet of phishing is on the alt.2600 hacker
newsgroup in January 1996, however the term may have been used
even earlier in the printed edition of the hacker newsletter "2600".
"Ph" is a common hacker replacement for "f", and is a nod to
the original form of hacking, known as "phreaking". Phreaking
was coined by the first hacker, John Draper (aka. "Captain Crunch").
John invented "hacking" by creating the infamous Blue Box, a
device that he used to hack telephone systems in the early 1970s.
This first form of hacking was known as "Phone Phreaking". The
blue box emitted tones that allowed a user to control the phone
switches, thereby making long distance calls for free, or billing
calls to someone else's phone number, etc. This is in fact the
origin of a lot of the "ph" spelling in many hacker pseudonyms
and hacker organizations.
By 1996, hacked accounts were called "phish", and by 1997 phish
were actually being traded between hackers as a form of currency.
People would routinely trade 10 working AOL phish for a piece
of hacking software that they needed.
Over the years, phishing attacks grew from simply stealing AOL
dialup accounts into a more sinister criminal enterprise. Phishing
attacks now target users of online banking, payment services
such as PayPal, and online e-commerce sites. Phishing attacks
are growing quickly in number and sophistication. In fact, since
August 2003, most major banks in the USA, the UK and Australia
have been hit with phishing attacks.