Thanks to advancements in computing technology, the use of e-mail for communication has become omnipresent, especially in business. As Kruck and Kruck (2006) note, as an organization's dependence on e-mail for communication increases, so does the opportunity for problems to arise. One such problem is the increased numbers of spoofed e-mails, where a communication is sent masquerading as another party, as a means of committing phishing fraud.
The first recorded use of the word "phishing" is documented on the alt.onlin-service.america-online Usenet newsgroup, on January 2, 1996. Some sources, however note the term having appeared earlier in a hacker magazine 2600. The word itself is a variant of the word "fishing" and alludes to the luring of victims into giving away sensitive information, such as passwords and financial information. It has also been attributed to possibly the term "phreaking" as well as being a portmanteau of "password harvesting" and an example of folk etmology. Although phishing is most often conducted via e-mail, phishers have also been known to use instant messaging as well as phone contact ("Phishing", 2007).
America Online was the first victims of phishing fraud. Prior to the creation of phishing, perpetrators would would use fake algorithmically generated credit card numbers, in order to create accounts on AOL. These accounts would last weeks or even months before the organization would catch the fraudulent activity, giving the person free Internet access until it was discovered. When AOL took measures in late 1995 to prevent this from happening, phishing was developed to gain access to legitimate accounts ("Phishing", 2007).
Phishing on AOL was first conducted via instant messaging. A phisher would pose as an AOL staff member and send an instant message to a potential victim, asking them to reveal their password, often telling them they need this information to verify their account or con...