Closed gdbassett closed 1 year ago
Based on Wikipedia (https://en.wikipedia.org/wiki/Phishing) and the Oxford dictionary (the fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. "an email that is likely a phishing scam"), phishing always involves getting data from the victim. Phishing probably always has some element of pretexting, but often it doesn't rise to the level of an invented scenario. Like, a fake Google login page isn't really pretexting.
Similarly pretexting may have some element of phishing (data transfer), but causing a fraudulent transfer or changing the bank account on a business account don't necessarily disclose data (such as the source bank account) the way phishing does (creds, PII, etc).
I think the significance of the information disclosed is clear enough to distinguish when you should use phishing, pretexting, or both.
One thing to consider is the colloquial definition has expanded to almost any crime by email. https://twitter.com/sawaba/status/1372932300841816065
Also request Dave/Suzanne edit.
This has caused some confusion as it does not leave a clear location for emails that involve malware. For now, we'll likely treat emails that use a social variety to get the recipient to run a malicious script or executable as phishing. However we need to consider how to handle the definitions, add a hierarchy such as "phishing - malware" -> "phishing" <- "phishing - data", or some other clear definition.
Alex agrees with adding hierarchy to phishing. In the short term we will keep coding "phishing - malware" as phishing.
malware.vector.Email vs attribute.confidentiality.data (or just not malware.vector.Email) already captures this.
Instead consider enumerating social.variety.Phishing to look at malware.vector.Email together.
"Phishing: Phishing (or any type of *ishing)" is unacceptable. Need a better definition. This most greatly impacts deciding when to code phishing with other social varieties when 'email' is the social vector.
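The suggestion in the thread, that malware.vector.Email and attribute.confidentiality.data already separate "phishing - malware" from "phishing - data", sketched as an added example (not code from this thread or from the project). The nested record layout and the sample incidents are constructed assumptions; the two labels come from the hierarchy proposed above.

```python
from collections import Counter

# Constructed sample incidents. The nested layout is an assumption modelled on
# the dotted field names used in the thread.
PHISH = {"social": {"variety": ["Phishing"], "vector": ["Email"]}}
INCIDENTS = [
    {"id": "c1", "action": PHISH,
     "attribute": {"confidentiality": {"data": [{"variety": "Credentials"}]}}},
    {"id": "c2", "action": {**PHISH, "malware": {"vector": ["Email"]}}},
    {"id": "c3", "action": {**PHISH, "malware": {"vector": ["Email"]}},
     "attribute": {"confidentiality": {"data": [{"variety": "Personal"}]}}},
    {"id": "c4", "action": {"social": {"variety": ["Pretexting"],
                                       "vector": ["Email"]}}},
    {"id": "c5", "action": PHISH},
]

def _get(record, *path):
    """Walk nested keys; a missing branch yields an empty list."""
    node = record
    for key in path:
        if not isinstance(node, dict) or key not in node:
            return []
        node = node[key]
    return node

def phishing_subtypes(record):
    """Return hierarchy labels for one incident, or None if not phishing."""
    if "Phishing" not in _get(record, "action", "social", "variety"):
        return None
    labels = []
    if "Email" in _get(record, "action", "malware", "vector"):
        labels.append("phishing - malware")
    if _get(record, "attribute", "confidentiality", "data"):
        labels.append("phishing - data")
    # Neither signal present: only the parent label applies, flag for review.
    return labels or ["phishing"]

def summarize(records):
    """Count incidents per label combination, skipping non-phishing ones."""
    combos = (phishing_subtypes(r) for r in records)
    return Counter(" + ".join(c) for c in combos if c is not None)

if __name__ == "__main__":
    for combo, n in sorted(summarize(INCIDENTS).items()):
        print(f"{n}  {combo}")
```

Incidents that land on the bare "phishing" label are the ones the existing fields cannot place in either branch and would need a coder's decision.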