Where Did The Name 'Phishing' Come From?

As technology develops, more doors unfortunately open for different kinds of cyberattacks and new types of malicious digital activity. One example is phishing, where perpetrators try to trick people into disclosing private information or downloading harmful software like malware via text, email, or even instant messaging. If you haven't experienced any actual phishing attempts before, you might have seen companies or organizations sending out faux phishing emails as cyber safety training.

Although phishing itself is quite well-known, its word origins are a little less clear. The first part isn't too hard to guess – phishing sounds like fishing, because scammers are fishing around for your information. You can even see the aquatic puns popping up when it comes to more specific types of phishing, like the hyper-targeted spearfishing or the CEO-directed whaling attacks. The origin of the quirky spelling, where it starts with 'ph', is less clear, though.

Phishing is very possibly spelled with a 'ph' as a throwback to phreaking, a portmanteau of phone and freak. Phreaking is a type of phone line hacking that allows people to make free phone calls. It was most prominent in the early 1980s, before lines were upgraded to common channel interoffice signaling. Phrack is another similar phrase that nods towards phreaking by combining the term with hack, and is the title of a digital zine covering digital issues like cybersecurity, hacking, and politics. Despite these ideas, the exact origin of the 'ph' in phishing isn't known.

The illicit nature of phishing makes it tough to track exactly where the word came from, since a lot of material around it — especially the earliest stuff — can be kept pretty hush-hush. But, phishing was used in early 1996 as a part of an online discussion board called alt.2600, meaning that it was in circulation online in niche circles by the mid-1990s. And, according to the Anti-Phishing Working Group, there's some chance it was even kicking around a little earlier in a print tech publication known as 2600: The Hacker Quarterly.

Both names featuring the number 2600 aren't a coincidence. 2600 is the frequency in hertz that made it possible to phreak telephone lines using tones playing the same frequency, backing up the idea that the 'ph' in phishing could come from phreaking. If this is the case, it makes phishing an interesting word on a linguistic level.

Of course, this means the original meaning of phishing is now somewhat lost, as the use of 'ph' in 'phishing' doesn't actually reflect 'phone' anymore. In fact, when phishing happens specifically over text, it tends to get its own new phrase: smishing. Smishing is phishing via text messages, with the 'sm' being taken from SMS. So, to put the phone back into phishing, another new portmanteau is made altogether.