RE the term "Phishing:"

A recent flurry of activity that falls within the general "phishing" catergory reportedly used internal email directories "hacked" from several large businesses to send similar emails to employess asking them to "confirm" their passwords and other sensitive information. In some cases they asked for personal information "to confirm the identity of the respondent."

The gimmick here was that the purported "sender" of the requests was the CEO or other high-ranking company official, with reasonably good simulation of the format/layout of messages common in the businesses that were attacked.

As one article asked, "If you worked for Microsoft and received a personal request for information from Bill Gates, wouldn't you reply???" Apparently a lot of people did.

The more specific term "Spear Phishing" was briefly popular to describe this particular variant - "Phishing using the names of specific persons known to the victim, who are members of management of the organization where the victim works."

It does seem that it might be a bit more "persuasive" to get an internal message from your boss making a ridiculous request, than to get a message from your bank. It's still a fake.

John