Types of Attacks

• Social engineering

  • Phishing

Phishing is a method that attackers use in which they will send emails to a user, pretending to be from reputable companies, in order to get a user to either divulge information or assist the attacker in getting access.

  • Spear phishing

Spear Phishing is phishing attack but aimed with a specific person in mind that they wish to ‘catch’. This may be specifically targeted phishing emails or something eye catching but aimed at a single individual or group of individuals (e.g. administrators?)

  • Whaling

Why go phishing when you can go right for the top? Whaling is phishing aimed at high level of business e.g. management, CEO’s, CTO’s, board members etc.

  • Vishing

Vishing is essentially phishing but via telephone, social engineers will attempt to get targets to divulge information or assist them with access via telephone.

  • Tailgating

Tailgating is the physical act of following someone through doors or barriers that usually require authentication, closely enough that you dont need to authenticate. This may be a door or checkpoint that requires you to present a pass or keyfob.

  • Impersonation

Impersonation is when a threat actor pretends to be someone they are not, usually someone who might need access to a certain space or building, this could be an internet repair guy, or engineer of some kind. It could also be someone from ‘head office’ or from the same organisation.

  • Dumpster diving

Dumpster diving is the process of going through ‘dumpsters’ or waste to find information in the form of paperwork or electronics which have not been properly disposed of.

  • Shoulder surfing

Should surfing is the process of looking over someones shoulder to see what they may have on the screen of their device, and hopefully gleam information from this.

  • Hoax

A hoax is usually some formula of either phishing, vishing or even adware which claims that you are already meet some criteria (possibly that you already have malware) and to take a certain action. Sometimes used to gain access to a building or network.

  • Watering hole attack

A Watering hole attack is where a threat actor may put malware on a website that its target frequents in order to get to the targets system.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.