25 years of phishing

By Fernanda Almeida | February 5, 2019

25 years of Phishing, don’t take the bait

Phishing is a malicious attack technique used to steal information from you. It is a fraudulent activity to trick you into revealing your personal and confidential information.

This attack technique can range from stealing your bank account details to identity theft and can have devastating consequences financially and personally.

Banking on fear, curiosity, and anxiety concerning money, private life, and work issues, the effects of phishing can leave the victim with a lasting sense of unrest. The psychological tricks used are evolving, with increasingly serious consequences.

A bit of history

Phishing will mark its 25th anniversary next year - 25 years later and it’s still doing damage all over the globe.

The practice started on AOL back in 1995, when hackers created a tool for generating credit card numbers which they then used to create fake AOL accounts. After that, they spammed other AOL members with phishing techniques to trick users into revealing passwords, social security numbers, and even credit card numbers.

Tactics can change

Tactics have changed from an AOL account to pulling on your heartstrings: “Love Bug” started in May 2000 in the Philippines, and soon mailboxes around the world were receiving a message with the title “ILOVEYOU.” The message body read simply: “Kindly check the attached LOVELETTER coming from me.” Around 45 million Windows PCs were hit worldwide. The hackers played with people’s emotions, and it worked.

Since then Phishing has grown to alarming losses from scammers:

  • Ubiquiti Networks: Total loss of $46.7 Million
  • FACC: Total loss of $55 Million
  • The Crelan Bank: Total loss of $75.8 Million
  • Facebook and Google: Total loss of $100 Million
    • (No specific details have been shared, but it is believed that Facebook and Google were hit with a strong Spear Phishing attack on March 21, 2017).
  • One of the big Phishing scandals was the attack on Hillary Clinton’s campaign in 2016. Hackers got the Gmail password of Hillary’s campaign manager.

Phishing at work

In work environments, hackers will access information that is vital to the IT infrastructure of the business. As a consequence, further attacks can be launched. These attacks target the organization’s workstations, wireless devices, and servers. On top of the monetary loss that is incurred, the damage can tarnish the reputation of the business which can lead to possible job losses.


At The European Information Security Summit (TEISS) 2018, Lesley Marjoribanks, Head of Information Security at the Royal Bank of Scotland, gave some insight into Phishing trends: > What we will see going into 2018 is attackers really going after the end-user to have the most impact, so you’re talking about > hospitals, air traffic control….

The newest development to watch out for is ransomware and, according to Marjoribanks >…it’s going to get slicker and we will see ransomware delivered by ‘SMiShing’ in the very near future.

Source: Phishing Trends and the Future


Increased knowledge is a vital component in protecting yourself and others from online scams in your private and working lives.

10 Ways to Avoid Phishing Scams

Emails are still the most common form of Phishing scam, which is why 8 of the 10 top tips to avoid phishing related to suspect emails:

  1. Check the sender’s email address At work, check that the sender’s business email address matches the company’s web address
  2. Check how the email is addressed Legitimate emails will usually name you, if you receive an email addressed “Dear Customer”, this could be a phishing scam
  3. Be suspicious of “Act Now” Don’t trust any emails that say you must act immediately or bad things will happen
  4. Don’t share personal information via email Always go directly to your account to check with the company (i.e. your bank) and do not click on links that ask you for information
  5. Be suspicious of badly written emails Badly written emails which include spelling mistakes or grammatical errors are a sign that an email is not legitimate
  6. Be suspicious of emails that are solely images Emails that are solely images where there should be text are highly suspicious. Avoid clicking anywhere on the image as there could be a hidden link behind the email
  7. Check links before you click them Before you click a link in an email, hold your mouse over the link and check it looks right, the link details will either pop up over the link text or at the bottom of your browser
  8. Don’t open unexpected attachments Viruses can be hidden in word documents, spreadsheets, and even PDFs
  9. Keep your antivirus software up to date Antivirus software guards against known technology workarounds and loopholes and new definitions are added all the time to keep up with new scams
  10. Be wary of how you close down pop-ups Pop-up windows often masquerade as components of legitimate websites. Never click the “cancel” button, as these can sometimes lead to phishing sites. Instead, click the small “x” in the upper corner of the pop-up.

Source: What is Phishing, how this cyber attack works and how to prevent it

Check out our video

Test yourself

According to the Verizon Data Breach Investigation Report, phishing was involved in 70% of breaches in 2018, with 11% of those who received phishing emails falling for them.

Take this quiz* to test your phishing resilience

*quiz created by Alphabet’s subsidiary Jigsaw

Keep yourself and others safe

Don’t take the bait!

About us

Photobox Group is Europe’s leading digital consumer service for personalised products and gifts and parent of the Photobox, Moonpig, Hofmann and posterXXL brands.

Creative Commons License

© 2018, Photobox Group Security. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.


Photobox Group Security
Unit 7, Metal Box Factory
30 Great Guildford Street