Scams and fraud are an all too often occurrence in the modern world. While the behavior is not new, many of the techniques and tools used to fool people out of their money are. Thanks to the rapid evolution of technology, specifically internet capabilities, the ways and means by which people connect for personal or professional reasons have multiplied on the coattails of technological innovation.
While many people may feel that they are beyond and immune to such criminality, there is a rude reality to common unsuspecting individuals who fall prey to the clever scheme by which many phishing scams take place and find their success. In order to better protect and educate others— especially with prevention tips for older adults— on how to best avoid and defend themselves against phishing scams.
The following is a brief summary about the history of phishing scams, how they started and why they are still effective today.
A Brief History of Phishing Scams
“Phishing”, spelled purposefully with a “ph” in place of an “f” for fish is speculated to have its origins from its allusions to scammers sourcing people to attack as being from a “sea” of users. This technique is estimated to have begun in the early to mid-1990’s where, back then, the only internet access was from ‘dial-up’ sources that required a fee.
There was a popular 30-day trial period in which users could access the internet through AOL, but after the trial, some people were unsurprisingly reluctant to give up access. However, they also had little interest in paying for the service. For those individuals determined enough to do so, some found a way around these trial period offers by simply changing their usernames into that of AOL administrators. Doing so allowed them to be able to “phish” for the log-in credentials of other people so that they could continue to access the internet free of service costs.
The group which started all this was known as the Warez community. The Warez community became very good at stealing user information like usernames, passwords, and other relevant personal data. Then they would use this pilfered personal information to generate fake credit card numbers that were then used to open new AOL accounts which were, ironically, used to spam other AOL members.
This gradually evolved with the internet and, as the popularity of the internet grew, scammers chose to present themselves as ISP’s and would then send emails to actual ISP customers. The spam that was sent to legitimate customers would then enable hackers to access the internet using the stolen account information from people’s email addresses. The messages and email which were sent to unsuspecting customers very closely matched the fonts, text, and even the colors used in AOL’s legitimate services.
Again, the ploys worked, and many people fell prey to the phishing. This continued until AOL finally found out and sent out messages to their customers warning them of the issues with clear instructions to not give out personal information through emails or the messenger service.
The Love Bug Scam of 2000
In the early 200’s a change in tactics resulted in the creation of a virus which, by the time it was stopped, infected an estimated 45 million PC’s. The phishing scam reportedly came from somewhere in the Philippines which created an email with the message header that read simply, “ILOVEYOU”.
For those people who could not resist clicking on the message also ended up opening a .txt file which released a worm that worked its way into the hardware. That worm’s job was to embed itself in user’s contacts in the Outlook address books, multiplying itself again.
Types of Phishing Scams Today
Phishing scams have come a long way since the mid 90’s. Here are some of the most commonplace phishing scams that are active today.
Spear Phishing
The goal of this scam is to find and access login information. Criminals attempt to impersonate employees by using various personal details about an individual such as phone numbers, and work credentials. Providing this information makes the claims more believable and thus leaves the targets less suspicious.
Deceptive Phishing
This strategy makes the point of trying to impersonate the employees of another company or party to then extract information from a target. This is one of the more common types of attacks. An example of this would be when an attacker sends an email to a PayPal user in a format that appears to be from the real company.
Once the target clicks on the email — usually baited with there being something wrong with the account that needs servicing— the attacker is able to steal all the personal information such as bank details.
Smishing
The popularity of SMS messaging has led to a spinoff of the classic email phishing strategies, but rather than using an email it utilizes a text message. By similar means, the SMS message contains volatile links that are typically paired with attachments and information that are enticing to the mark. These messages can contain any number of different phishing strategies such as links to fake sites, fake phone numbers, and false information meant to mislead the person.
The power of this phishing technique is that there can be a sense of urgency that comes from the arrival of both an email and an SMS message. This typically comes in the form of a fraudulent claim from a bank. The added pressure causes people to drop their guards. The high success rate of this type of attack is causing them to become more common.
Drive by Download
This method involves the insertion of content on the coded end of a website. The hacker is then enabled to take over the web domain for a period of time where they can insert malicious code into the webpage. The inserted links then funnel personal information into the attacker’s accounts for download and usage for other attacks.
Conclusion
In conclusion, scams and fraud, particularly phishing scams, have been a significant threat since the early days of the internet. Today, we witness a variety of sophisticated phishing techniques like spear phishing, deceptive phishing, drive-by downloads, and smishing, each tailored to exploit different vulnerabilities.
Since there are so many different ways that people have to access various services digitally, their personal information is more easily accessible to criminals. For this reason, phishing scams are sadly still effective criminal activity. The rapid spread and success of these scams underline the importance of vigilance in cybersecurity.
As technology continues to advance, it is crucial for individuals and organizations to stay informed and cautious, especially in protecting the elderly and those less tech-savvy, to combat the ever-evolving threat of phishing scams effectively.
About the Author
Ryan Ayers is a researcher and consultant within multiple industries including information technology, blockchain and business development. Always up for a challenge, Ayers enjoys working with startups as well as Fortune 500 companies. When not at work, Ayers loves reading science fiction novels and watching the LA Clippers.
Leave a Reply