Phishing Flashcards
Phishing
is the use of digital communications to trick people into revealing sensitive data or deploying malicious software
Common types of phishing attacks
-Business Email Compromise (BEC)
-Spear phishing
-Whaling
-Vishing
-Smishing
BEC
Business Email Compromise: A threat actor sends an email message that seems to be frim a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage
Spear phishing
A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
Whaling
A form of spear phishing. Threat actors target company executives to gain access to sensitive data
Vishing
The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source
Smishing
the use of texts messages to trick users, in order to obtain sensitive information or to impersonate a known source
Malware
is software designed to harm devices or networks.
The primary purpose of malware is to obtain money, or in some cases, an intelligence advantage that can be used against a person, an organization, or a territory
Common types of malware attacks
-Viruses
-Worms
-Ransomware
-Spyware
Viruses
Malicious code written to interfere with computer operations and cause damage to data and software
how does a virus get initiated?
a virus needs to be initiated by a user (i.e., a threat actor), who transmits the virus via a malicious attachment or file download. When someone opens the malicious attachment or download, the virus hides itself in other files in the now infected system. When the infected files are opened, it allows the virus to insert its own code to damage and/or destroy data in the system.
Worms
Malware that can duplicate and spread itself across systems on its own. In contrasto a virus, a worm does not need to be downloaded by a user. Instead, it self-replicates and spreads from an already computer to other devices on the same network.
Ransomware
A malicious attack where threat actors encrypt an organization’s data and demand payment to restore access to
Spyware
Malware that’s used to gather and sell information without consent. Spyware can be used to access devices. This allows threat actors to collect data, such as private emails, texts, voice and image recordings, and locations
Social engineering
Is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question.
Common types of social engineering attacks
-Social media phishing
-Watering hole attack
-USB baiting
-Physical social engineering
social media phishing
a threat actor collects detailed information about the target from social media sites then they initiate an attack 
Watering hole attack
A threat actor attacks a website frequently visited by a specific group of users
USB baiting
A threat actor strategically leaves a malware USB stick for an employee to find and install, to unknowingly infect a network
Physical social engineering
A threat actor impersonates an employee, customer, or vendor to obtain unauthorized access to a physical location
Reasons why social engineering attacks are effective;
•Authority
•Intimidation
•Consensus/social proof
•Scarcity
•Familiarity
•Trust
•Urgency
Authority
Threat actors impersonate individuals with power. This is be used people, un general, have been conditioned to respect and follow authority figures.
