Nowadays pretty much everyone, not just the IT security nerds, understands what phishing means. That wasn’t always the case…
Wikipedia will tell you that phishing is an “attempt to acquire sensitive information… often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.” This is wrong in one regard: phishing is not often, but always, malicious. Indeed, it has become the primary vector for malware attacks, with the payload delivered either as an attachment to the email itself or via a link embedded within it.
But where did it all start? Phishing has become so commonplace that the term itself is now understood by pretty much everyone – not just IT security nerds. That wasn’t always the case, and you have to look back 20 years to a posting on the old alt.online-service.america-online Usenet newsgroup to find the first recorded usage I am aware of. It dealt with a scam whereby hackers using America Online (AOL) would leverage AOL Instant Messenger (AIM) and email services to pose as AOL staff.