A phisher is someone who deceptively obtains personal information in order to abuse your user accounts, bank accounts or credit cards. The practice of doing so is know as phishing, and the attempt 'A phish'.
Pretending to be someone else isn't new, and using a false passport or bank book to get someone's money - or forging a cheque - are as old as banking itself. 20th Century technology made it easier than ever to get away with this sort of thing, because you need very little data to get anything done. Credit card numbers and PINs for ATM cards, once obtained, are easy to abuse. As you can imagine, the Internet makes this problem even more severe, as it's easier to reach gullible people and make yourself look official.
Enter AOL. For most Americans in the mid 90's, this was their Internet experience. AOL provided chatrooms. It is here than AOL users encountered the phishers. As soon as you logged into a chatroom for the first time, you'd be dropped into the New Members' Lounge, which immediately marked you as a newbie. Seconds later, you'd get a private message saying something like
FROM: AOL Accounts Department
re: Your account
Owing to recent server troubles, be are required to confirm your identity,
to ensure that we don't bill you twice, and that your account is not cancelled.
Please confirm your username and password immediately.
People believed that this was really AOL, so replied with usernames and passwords, only to find that their online hours were quickly used up by parties unknown. Sometimes they'd give out credit card details too.
By January 1996, the term 'phishing' was in use to describe the act of deception, and 'phisher' for the deceiver. Wordspy shows its earliest use as in the USENET newsgroup alt.2600 on Jan 28th, but Google Groups shows a slightly earlier use in alt.aol-sucks (Jan 23rd) , and the context implies it was in regular use by that point. I'm sure that it comes from 'fishing' for information, via the cracker culture of leet speak. The prior existence of the band Phish probably made the term stick.
As Internet usage became more widespread, so did the phishes. A common trick was to design a website that looked exactly like the frontend for Hotmail or Yahoo! mail, and link to it from your website. If a user tried to log in, the website would steal their username and password. MSN messenger banned users from having certain words in their screen name.
Recently, though, the phishers have gone into overdrive. eBay accounts are phished regularly, often by an email that looks like it come from eBay, using a similar-looking URL (say the domain we-are-ebay.com) asking for password details. Once obtained, the phisher can hijack the ebayer's reputation, and use it to sell fake goods and keep the money.
Perhaps the most worrying development is the Internet banking phishers. Unlike credit cards, which often have some form of guarantee in case of abuse, bank accounts are much more attackable. In the last few months, most major online banks have been targeted by some phisher or other spamming random email addresses. There are even some phishers who use the information not simply to steal money, but to create whole stolen identities.
As a result, the word 'phisher' has gone mainstream, migrating to news.admin.net-abuse.email, and was used by the Federal Trade Commission in a warning in July 2003. Phishers are hard to catch and rarely prosecuted, especially as - like 419ers - many operate from Africa or other places far from their victims.
Submitted the word as an entry for the Jargon File