We’ll pay you back up to $20/month in ATM charges if you use an out-of-network ATM to access your checking account.
Want a low rate? High rewards? A prestige cashback card? We’ve got the right card for your needs.
Simplify your life and save money when you refinance.
Alliant returns profits to our members through higher savings rates, lower loan rates, and fewer fees. And we make it easy to bank with 24/7 account access.
Teen Checking – with smart limits and parental monitoring – helps you teach money skills.
Return to The Money Mentor Blog
By Alissa Green
You’ve been warned to avoid phishing attacks since the moment you opened an email account, and for good reason. But how long has phishing actually been around? And how did it come to be?
Designed to mimic credible communications – primarily via email – phishing has actually only been around for a few decades.
It was in the mid-nineties that “phishing” first began to be called by that name. It’s a smart hack, really. Obviously, the meaning of fishing makes sense, since all phishing attacks are fishing for information – but what about the “ph”? The “ph” is actually derived from the term phreaks, which was language that described the earliest hackers.
You may be surprised to learn that phishing originated in 1995 – even though the greater public didn’t become familiar with it until nearly 10 years later. The first mention of phishing occurred in January 1996, in an America Online chat room. Think back to the nineties and that will make sense; AOL was a prime target for early cyber security scams because the company provided Internet access to millions of users, many of whom would prove to be unsuspecting targets.
What’s ironic is that many of the hackers also used AOL to connect. They would create randomly generated credit card numbers and attempt to open AOL accounts with them. Then, they would send messages to users that appeared to come from AOL employees.
Following the September 11 terrorist attacks, phishers capitalized on the tragedy to conduct fake identity checks, trying to steal data from the E-Gold digital currency service. While the attack failed, this brought heightened attention/publicity to phishing, prompting new criminals to get in on the phishing trend.
By 2004, phishing had become a more frequent cyber-security issue, with an estimated $929 million lost between May 2004 and May 2005.
Phishing, unfortunately, continues to be a growing problem. In the second half of 2014, there were 123,972 unique phishing attacks worldwide against specific websites; the same number as in the first half of 2014 and the most tracked since 2009.
“The largest trend I’ve seen is the trend towards intimacy and the sense the attacker gives you that he’s a friend or a colleague,” says Peter Cassidy, the secretary general of the Anti-Phishing Working Group (APWG). “Think about what people express publicly now vs. 15 years ago. It used to be very difficult to find information on people outside of their house.
“Now, people put so much information online and the bad guys can create semi-custom approaches and create these fantastically precise narratives. Ordinary people think they’re talking to a friend and instead it’s a script.”
This relationship background work is created for that one moment when phishers attempt to get you to click on a link. To hear Cassidy explain various scenarios, it does sound frighteningly easy – dirty links can be sent posed as new baby photos or a link to a colleague’s PowerPoint presentation or anything in between.
Additional prevalent phishing techniques are included below. The full list can be found on the website phishing.org.
Multiple organizations have been formed to combat and track phishing attempts, but few have been as influential as Cassidy’s organization, the APWG. The APWG was created in 2003 and is a global coalition of industry and law enforcement professionals working to prevent cyber security crimes. You can download their 2014 second-half phishing report for more information.
The U.S. government is also working to fight phishing and other cybersecurity threats. According to internet security watchdog IID, the White House allocated $14 billion toward cybersecurity spending in the 2016 federal budget, a 10 percent increase over the current fiscal year.
Meanwhile, at Alliant, our Information Security and Fraud teams have developed a swift and efficient process, upon learning of any phishing attempt. Once Alliant is notified of any fraudulent phone number or website that’s mimicking us, we have processes in place to ensure they’re shut down immediately, working with authorities as necessary.
Unfortunately, phishers aren’t only interested in personal bank accounts anymore – they’ve grown their ambitions. They’re now also interested in big, medium and even small-sized companies.
Cassidy said that one of the smallest attacks he’s seen was an attack on a chamber of commerce in Kentucky, after an employee inadvertently gave access. The phishers got away with over $300,000.
“What you can do to protect yourself is slow down,” says Cassidy, “even if you think you know the correspondent intimately. The email you should most be cautious of is the “emergency email” from a spouse with a link. The bad guys use the trust we have in one another and how we support one another against us. They use what makes us successful against us. It really cuts to the heart of who we as human beings are.”
Other tricks you should watch out for include:
To read more tips on staying safe from phishing, read our previous blog article on how to avoid email phishing scams.
And remember, if something smells fishy – it probably is.
Sources: InternetIdentity.com, APWG, Anti-Phishing Society, Washington Post