Phishing is a term that may have its origins in the attempt to get passwords by sending emails to “fish for a bite” from a victim or target. One of the first internet venues was America OnLine (AOL). AOL was founded in 1985, and by the end of the 1990s dial-up AOL was the largest Internet provider in the world [2]. The AOL instant messaging software (AIM) had over “220 million worldwide users” and was available not only to AOL users, but to non-subscribers as well [3]. Malicious hackers would use fraudulently acquired AOL accounts, pose as AOL system administrators, and trick the unsuspecting AOL user into confirming their account passwords and billing information. One of the first mentions of phishing may have been in 1996 with “You can go phishing for passwords (not that I do it … or recommend it)” [4]. Phishing evolved into theft of other identifying information, as well as credit and bank data, with more sophisticated techniques.
In 2014, the University of California at Berkeley sent a simulated phishing email to its faculty and staff [5]. During the initial phase of the campaign, 3% of the target audience responded to the simulated phishing email, which told them that their University account would be terminated if they did not click a link and enter their password. This was not a finely tuned attack, but later phishing stages would have more finesse.
This document is provided to help a small-to-medium business build and maintain the resources for a simulated phishing educational campaign (SPEC).