Phishing- or social engineering through electronic communications has evolved at an incredible rate. So much so that it is difficult to keep users updated on what we mean when we say Phishing.
Originally people would have thought one was referring to any scam email that required them to take an action.
But recently it has developed into very targeted and knowledgeable emails. These attacks have resulted in well publicized security incidents such as the Sony hack, the Carbanak bank heist and the ongoing “business email compromise scam” as referenced by the FBI here.
The choice of term by the FBI is one of the best examples as to why we need to use analogies in the information security industry. “Business Email Compromise” just doesn’t work if you are trying to alert people to a serious threat to their companies. People need something they can remember and preferably a term that paints a picture for them.
So let us try and extend the Phishing analogy to cover the “unlikely to become well known” Business Email Compromise. The obvious analogy for these would be “Big Bad Wolf” emails. They are dressed up as Grandma and you really need to spot the fact that she has bigger teeth than normal. This analogy has previously been toyed with by ebay when describing Phishing to their users in this rather enjoyable video.
However can we bring it back to Fishing as opposed to Phishing. One fishing analogy that occurred to me to describe these particular scams was Noodling or Trout Tickling where a fisherman tickles the belly of a fish by hand before whipping the victim out of the water. It was already taken. This has been already used to describe a fraud where someone poses as a love interest to later be in need of some electronic transfer of funds type assistance.
So here we are. – The industry as a whole needs this analogy to help warn people of a scam that has so far netted over $1.2 Billion to the fraudsters yet we are stuck.
If you think we should break away from the fishing analogy and go with “The Big Bad Wolf” for the “Business Email Compromise” scam then let me know over at Phishing Awareness