2008-01-21

Vishing

Do we really need another fish-related buzzword? I'm beginning to wonder if the security community will ever find another classification of security problems that doesn't involve the act of feeding oneself. I can't decide which is worse, this or spear phishing. I suppose it's the latter, as it's often used incorrectly to describe any targeted email attack - even those not attempting to coax PII out of hapless users. Once we get into crustaceans and invertebrates, I quit.

Ladies and gentlemen, please. "Vishing" is nothing but a slight variation on tactics that have been around for decades: phone phreaking and social engineering. That the FBI named it and is comparing it to phishing, not phreaking, is further cause for irritation. Simply because the vector of exploitation differs from these more classic scams and phreaks is no reason to confuse the public by coming up with yet another meaningless classification. It's almost as if the security and electronic music production industries are in competition.

It's no wonder the public is so confused.

No comments: