Why Are Online Scams Called ‘Phishing’?

Hack, line, and sinker.
Hack, line, and sinker. / calvio/iStock via Getty Images

These days, phishing attacks can find you anywhere from your Gmail account to your text message inbox. But back when the word phishing was coined, they were specific to a single place: AOL.

It all started in 1994, when a group of enterprising hackers from across the U.S. began impersonating AOL representatives in private chats, hoodwinking unsuspecting AOL users into surrendering their login credentials and credit card information. The hackers were mainly just interested in stealing the data so they could use AOL through other people’s accounts, rather than having to pay for their own. According to Koceilah Rekouche, then a 16-year-old hacker known as “Da Chronic,” someone in their party aptly nicknamed this process of baiting a person—usually selected from a pool of users in a chat room—into turning over personal details “fishing.”

By January 1995, Rekouche had created “AOHell,” a novice-friendly software program that automated the process with boilerplate messages and options to “fish” for passwords or credit card numbers. It was in AOHell that Rekouche, as he wrote in a 2011 journal article for Cornell University’s arXiv, first changed fish to phish. Though he didn’t provide an explanation for the switch, some believe it was inspired by the term phone phreak, which was coined in the 1970s to describe people who hacked phone lines to make free calls. (As for where phreak came from, it’s generally assumed that the ph- was borrowed from phone, and freak may have been a play on free call.)

Phishing wasn’t AOHell’s only selling point. You could also, for example, “mail bomb” someone’s inbox with hundreds of spam emails; use the “Punt” button to log an AOL user out of their account; click “Ghost” to erase all comments except for yours; or send what The Boston Globe described as “a graphically obscene gesture” to everyone in a chat room. Unsurprisingly, the software became popular among teenagers, which was Rekouche’s intention.

“I hate the staff on AOL for one, I hate most of the people on AOL for another, and I wanted to cause a lot of chaos,” Rekouche as “Da Chronic” told The Boston Globe in April 1995.

Rekouche’s stint as the internet’s most powerful agent of chaos didn’t last forever—nor did AOL’s preeminence as the online service of choice. But the concept of phishing continued to grow and mutate, and the term phishing persevered right along with it.