
> It has a history of this usage,

I'm not questioning the usage, just wondering why.

> lay person...who will not care too much about the nuances of how the attack is perpetrated

But the mechanism of the attack and the way to protect against it are entirely different. That's my major issue, which I failed to fully explain above. These are completely different attacks, and completely different mitigations. And they only sometimes share the same target of the attack.



From my personal experience:

I had a customer once who wanted a security assessment of their payment terminal. Apparently one was stolen and they wanted to know how difficult it would be for an attacker to... well... "you know the name of the attack where they steal credit card info and such?". So I replied "skimming". The attack actually did happen where they reversed the terminal to find vulnerabilities and used that to steal a database with payment information. No physical device was used for the attack, but the name "skimming" seemed relevant.

Bottom line is, you use the word you and involved people know to describe the threat we face.


> Bottom line is, you use the word you and involved people know to describe the threat we face.

Fair enough, that sounds practical. It just seemed like those two attacks were very different in mechanism and mitigation. The term confused me here. But hard to argue with experience.



