I figure this is a good spot to ask ... I was about halfway through a degree in information systems security before I moved... and just haven't gotten back yet. We were taught the difference between phishing and social engineering. The company I am working for now seems to think that phishing is anything related to trying to get information illegally, either via mail or the phone or whatever. I'm trying to tell them that the method of using email is phishing and doing stuff like calling a support center on the phone or something like that is called social engineering, but they don't seem to grasp the concept of two different terms being used this way. I know for a fact that in class we were taught that phishing is an email posing as coming from a trusted source, aka the Bank Of America graphics with URLs routing to a hostile server, whereas someone calling over the phone to try to get information about someone is called social engineering, but these guys here at this company think that phishing is everything.