>Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication
"using virtualbox" isn't sensitive information. I haven't read the emails, but I doubt Oracle is disguising themselves as the company's IT department or something.
If you don't think information that subjects an entity to massive legal liability is sensitive, then I really don't understand where you're coming from.
The entire point of these emails is to bypass established channels by getting random employees to leak information. If they want licensing information, there's an IT point of contact for that. Or Contracts. Or Legal. They are literally fishing for information leakage that would give them grounds to sue.
> I doubt Oracle is disguising themselves as the company's IT department or something.
They wouldn't. At this stage the point is to convey a false sense of authority without being outright fraud. You have to wrap everything in vague but threatening insinuations-- "help us or you could face fines of up to a bazillion dollars, and/or you might go to JAIL."
The key words are fraudulently and by disguising as a trustworthy entity. If they clearly identify themselves as oracle, asking about virtualbox usage, then it's not phishing.
> They are literally fishing
You can "fish for info" in a hundred ways. Only a small subset of that is "phishing".
>If you don't think information that subjects an entity to massive legal liability is sensitive, then I really don't understand where you're coming from.
The employees were already subjecting their company to legal liability when they were using unlicensed software.
>The entire point of these emails is to bypass established channels by getting random employees to leak information. If they want licensing information, there's an IT point of contact for that. Or Contracts. Or Legal. They are literally fishing for information leakage that would give them grounds to sue.
So if I'm Oracle and I'm trying to find unlicensed enterprise users, what am I supposed to do? Call up their IT/legal department and hope that they'll investigate for me, and respond with a truthful response? Is Oracle not allowed to investigate on their own for licensing infractions? I feel like the only reason people are up in arms about this is because Oracle is doing it. If some startup was doing this to discover that some big corp was not paying their licensing fees, no one would blink an eye.
>They wouldn't. At this stage the point is to convey a false sense of authority without being outright fraud. You have to wrap everything in vague but threatening insinuations-- "help us or you could face fines of up to a bazillion dollars, and/or you might go to JAIL."
Sure, but cops do the same thing (if not more). I'm not saying either is okay, but both are not "phishing".
>Phishing is the fraudulent attempt to obtain sensitive information such as usernames, passwords and credit card details by disguising as a trustworthy entity in an electronic communication
"using virtualbox" isn't sensitive information. I haven't read the emails, but I doubt Oracle is disguising themselves as the company's IT department or something.