He explains: “SMiShing [or as I’ve seen it, smishing] is a security attack in which the user is tricked into downloading a Trojan horse, virus or other malware onto his cellular phone or other mobile device. SMiShing is short for “SMS phishing.” ”
“SMS stands for Short Message Service, ‘a text messaging service component of most telephone, World Wide Web, and mobile device systems.'”
Techtarget explains: “Some cell phone users have started receiving SMS messages along these lines: ‘We’re confirming you’ve signed up for our dating service. You will be charged $2/day unless you cancel your order: http://www.smishinglink.com.’ (This is an example and was not a real url at the time of writing.)
“This phenomena, which we at McAfee Avert Labs are dubbing ‘SMiShing’ (phishing via SMS), is yet another indicator that cell phones and mobile devices are becoming increasingly used by perpetrators of malware, viruses and scams.”
I hope the powers that be settle on the lower-case version, because SMiShing is damn ugly.
“Vishing is the telephone equivalent of phishing. It is described as the act of using the telephone in an attempt to scam the user into surrendering private information that will be used for identity theft.”
It’s made it into the Webopedia. And Social-Engineering.org notes: “Vishing has proven to be one of the most successful methods of gaining information needed to breach an organization. It’s estimated telephone fraud leads to a global loss of about $46.3 billion per year.”
There’s even a Wikipedia page for voice phishing. “It is sometimes referred to as ‘vishing’, a word that is a combination of ‘voice’ and phishing.”
Dan suggests “These [words] both have very specific meanings and I could see them becoming part of a law enforcement vocabulary.” I’m inclined to agree, if it hasn’t already happened.