Phishing refers to the act of attempted theft via connected devices. The action can be manual or executed through a tool that automates the process. It can also be a combination, in which a scripted tool opens the door for a hacker who then completes the attack manually.
The term “phishing” was first used in 1994 when a group of teens worked to manually obtain credit card numbers from unsuspecting users on AOL. By 1995, they created a program called AOHell to automate the work for them.
Since then, hackers have continued to invent new ways to gather details from anyone connected to the internet. These actors have created a number of programs and types of malicious software still in use today. Some of these tools were created for the sole purpose of penetration testing, or “hacking with permission.” Once a tool exists, however, bad actors can figure out how to use it maliciously.
Hackers have also created malicious software specifically for phishing. One example is PhishX, a tool designed to steal banking details. Using PhishX, attackers create a fake website that appears to belong to a real bank where you might have an account. They customize the page with their own phone number and email address, so clicking on “Contact Us” puts you in direct communication with the hackers.
Phishing Frenzy is an example of an email phishing tool originally created for penetration testing. It proved to be operator-friendly, and many hackers adopted it because of its ease of use.
Another phishing tool is Swetabhsuman8, which enables attackers to create a fake login page used to hack Instagram accounts. When you try to log in, the hacker gathers your user ID and password.
In addition to using spoofed websites, email phishing tools, and malicious login pages to steal your details, hackers create call centers connected to a phone number you receive via one of their emails, fake websites, or text messages.
Modern ransomware actors typically target larger enterprises for a maximum payoff. They tend to spend a significant amount of time taking over each section of the victim’s network before they launch their ransomware attack. This type of multi-stage attack often starts with a single phishing email.