Section 5.40 Phishing Attacks Flashcards
Objectives 2.2 Explain common threat vectors and attack surfaces
Objectives 5.6 Given a scenario, implement security awareness practices
6 phishing attack examples
Different Types of Phishing Attacks
- Phishing
- Spear Phishing
- Whaling
- Business email compromise (BEC)
- Vishing
- Smishing
Different Types of Phishing Attacks
Phishing
Sending fraudulent emails that appear to be from reputable sources with the aim of convincing individuals to reveal personal information, such as passwords and credit card numbers.
e.g. If you click on a link that you think is Google and you enter your username and password, the attacker can use these details for malicious activity
Spray and pray approach
Spear Phishing
More targeted form of phishing that is used by cybercriminals who are more tightly focused on a specific group of individuals or organizations. This has a higher success rate.
e.g. Attacker has the emails of the customers of a bank. The attacker then sends them an email that seems legitimate, asking for private information
Targeted approach
Whaling
Form of spear phishing that targets high-profile individuals, like CEOs or CFOs
Attacker isn’t trying to catch the little fish in an organization, but instead they want to catch one of the executives, board members, or higher level managers in the company since the rewards are potentially much greater
Often used as an initial step to compromise an executive’s account for subsequent attacks within their organization
Business email compromise (BEC)
Sophisticated type of phishing attack that usually targets businesses by using one of their internal email accounts to get other employees to perform some kind of malicious action on behalf of the attacker
Taking over legitimate business email accounts through social engineering or cyber intrusion techniques to conduct unauthorised fund transfers, redirect payments, or steal sensitive information
Vishing
Attacker tricks their victims into sharing personal or financial information over the phone
e.g. Attacker acting as a bank exec calls a customer to gain private information
Smishing
Involves the use of text messages to trick individuals into providing their personal information
SMS
SMS Phishing