Full Disclosure mailing list archives
Re: Are consumers being misled by "phishing"?
From: Schanulleke <schalulleke () gmail com>
Date: Thu, 29 Jun 2006 08:40:44 +0200
n3td3v wrote:
I believe the industry coined up "phishing" to make more money out of social engineering. Its obvious now that both are over lapping. Only the other day Gadi Evron was trying to coin up a phrase for "voice phishing". Why can't we cut to the chase and drop the (ph)rases and call it straight forward SOCIAL ENGINEERING.
n3td3v, Phishing, in my opinion, is a form of social engineering.What I would like to refer to as phishing has as main characteristic that is is usually not targeted or targeted at a group (e.g. a bunch of yahoo users). Like spam (another form of social engineering?) phishing relies on volume to work. It relies on the fact that there is a sucker born every minute and it you ask enough people you will encounter the sucker. The social engineering that has a higher risk profile for me (and the job I have to do) is more targeted and less opportunistic in nature. It is a targeted attack against layer 8 of the OSI model, the human.
Phishing also has the nasty property that it exposes an organization to a risk that is outside the scope of the organization (the customers). The only thing that really helps is to educate the user. Social engineering against employees (like against the Yahoo helpdesk) can also be solved by training elements under your own control (one hopes).
Anyway my 2 cents for what they are worth. Schanulleke _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Are consumers being misled by "phishing"? n3td3v (Jun 28)
- Re: Are consumers being misled by "phishing"? mikeiscool (Jun 28)
- Re: Are consumers being misled by "phishing"? Saeed Abu Nimeh (Jun 28)
- Re: Are consumers being misled by "phishing"? Wesley McGrew (Jun 28)
- Re: Are consumers being misled by "phishing"? Schanulleke (Jun 28)
- <Possible follow-ups>
- Re: Are consumers being misled by "phishing"? Gadi Evron (Jun 29)
- Re: Are consumers being misled by "phishing"? n3td3v (Jun 29)
- Re: Are consumers being misled by "phishing"? security curmudgeon (Jun 29)
- Re: Are consumers being misled by "phishing"? n3td3v (Jun 29)
- Re: Are consumers being misled by "phishing"? n3td3v (Jun 29)
- Re: Are consumers being misled by "phishing"? mikeiscool (Jun 28)
- Re: Are consumers being misled by "phishing"? GroundZero Security (Jun 29)
- Re: Are consumers being misled by "phishing"? Gadi Evron (Jun 29)
- Re: Are consumers being misled by "phishing"? teh kids (Jun 29)
- Re: Are consumers being misled by "phishing"? neil davis (Jun 29)
- Re: Are consumers being misled by "phishing"? Bill Weiss (Jun 29)
- Re: Are consumers being misled by "phishing"? Neil Davis (Jun 29)