Mike, Not sure exactly the sources or timing of the term, but people have been "phishing" on AOL for at least 6 years. AOLers were considered easy prey for social engineering, and circa 1997 was a period in which script kiddies were first coming into their own. Even those who could not write scripts could phone up users, saying they were from AOL, and have the user read their password over the telephone. They sometimes also asked the user for their credit card, a practice called, oddly enough, "carding." (Why not "karding"? Who knows.) Incidentally, parting people from their passwords hasn't gotten much harder, apparently. See http://www.theregister.co.uk/content/55/30324.html I strongly suspect that "phishing" is simply "fishing" with the fone phreaks' "ph" to indicate that it was an illicit computing activity, rather than anything illicit having to do with Phish. Might also been that it was first practiced via phone, before the current email/trojan horse approach was taken up. Alex =============================================== | Alexander Campbell Halavais | | alex.halavais.net | | Assistant Professor, School of Informatics | | State University of New York at Buffalo | ===============================================