Phishing is phishing

E-mail phishing. Spear phishing. Whaling. Pharming. Smishing. Vishing.

What’s next? Slishing (on Slack)? Dishing (over Discord)? Wishing (via Webex)? Kishing (through a Sean Connery themed dating site)?

Creating a new verb for every attack vector is a sure-fire way to overwhelm users to the point of not caring.

It’s true that we as #cybersecurity professionals find it useful to articulate the various categories, but to the end user, phishing is phishing.

Awareness training should focus on the techniques attackers might employ to trick your users into doing the wrong thing or providing information to the wrong people.

Not adding yet another word or category they don’t care about to their vocabulary.