Phishing vs social engineering

Discussion in 'Community Discussion' started by sk1wbw, Mar 3, 2014.

  1. sk1wbw Suspended

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #1
    I figure this is a good spot to ask ...

    I was about halfway through a degree in information systems security before I moved... and just haven't gotten back yet. We were taught the difference between phishing and social engineering. The company I am working for now seems to think that phishing is anything related to trying to get information illegally, either via mail or the phone or whatever.

    I'm trying to tell them that the method of using email is phishing and doing stuff like calling a support center on the phone or something like that is called social engineering, but they don't seem to grasp the concept of two different terms being used this way.

    I know for a fact that in class we were taught that phishing is an email posing as coming from a trusted source, aka the Bank Of America graphics with URLs routing to a hostile server, whereas someone calling over the phone to try to get information about someone is called social engineering, but these guys here at this company think that phishing is everything.
     
  2. mobilehaathi macrumors G3

    mobilehaathi

    Joined:
    Aug 19, 2008
    Location:
    The Anthropocene
  3. sk1wbw thread starter Suspended

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #3
    What's got me pissed off about the whole thing is a question on a quiz had the wrong answer. the question was dealing with someone calling to try to get information about someone else, and the correct answer was phishing and that's not what I chose.

    Even the instructor said that phishing can be done over the phone and that's not what phishing is.
     
  4. imaketouchtheme macrumors 65816

    Joined:
    Dec 5, 2007
    #4
    http://en.m.wikipedia.org/wiki/Voice_phishing
     
  5. sk1wbw thread starter Suspended

    sk1wbw

    Joined:
    May 28, 2011
    Location:
    Williamsburg, Virginia
    #5
    If it's voice, then it's social engineering. According to the people who taught me at school, professors with doctorates, phishing is an email and that's what I was taught and that's what I'm sticking with. :)
     
  6. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #6
    If it sounds like a duck, looks like a duck, its a duck.

    Why should the medium dictate the title you call it. Most people now a days will call it phishing because that's what they know. If someone tries to get info out of me, whether its via email, or phone there's really no difference.

    Besides, it seems the linked wiki states that is a phising attempt using social engineering, so it uses both of the concepts you bring up.
     
  7. Mousse macrumors 68000

    Mousse

    Joined:
    Apr 7, 2008
    Location:
    Flea Bottom, King's Landing
    #7
    The jargon is important when one works in a specific industry. Like how we classify different DVD discs: DVD-ROM, DVD-RAM, DVD-R, DVD+R, DVD-RW, DVD+RW and so on. To regular folks they're all just DVD's.

    Economy of words matters to the specific few who works in those industries. When a general contractor tells his crew he wants a load bearing wall, his crew knows exactly how to make the top plate without him going into details.
     
  8. Tomorrow macrumors 604

    Tomorrow

    Joined:
    Mar 2, 2008
    Location:
    Always a day away
    #8
    I'm with you, more or less - my idea of phishing is via email, website, etc., but definitely not social. If there's a social aspect to it, using live communication (including text/IM/chat), I would call it social engineering.

    Because to the people using these methods, they're different, and they have different names. Like "hacking" correlates with computers, but in the days of POTS, using a telephone was "phreaking," not "hacking" - even though you're doing more or less the same thing.
     

Share This Page