Social Engineering

Phishing

a broad term used to describe the fraudulent acquisition of information, often focused on credentials like usernames and passwords, as well as sensitive personal information like credit card numbers and related data

Vishing

is phishing accomplished via voice or voicemail messages

Smishing

relies on text messages as part of the phishing scam

Misinformation

is incorrect information, often resulting from getting facts wrong

Disinformation

is incorrect, inaccurate, or outright false information that is intentionally provided to serve an individual or organization’s goals

Impersonation

Pretending to be someone else

Business Email Compromise

Relies on using legitimate email addresses to conduct scams and other attacks

Pretexting

is the process of using a made-up scenario to justify why you are approaching an individual

Watering Hole Attacks

use websites that targets frequent to attack them

Brand Impersonation

Uses emails that are intended to appear to be from a legitimate brand, relying on name recognition and even using email templates used by the brand itself

Typosquatting

Rely on the fact that people will mistype URLs and end up on their sites, thus driving ad traffic or even sometimes using the typo-based website to drive sales of similar but not legitimate products

Pharming

relies either on changing a system’s hosts file (which is the first reference a system checks when looking up DNS entries) or on active malware on the system that changes the system’s DNS servers. A successful pharming attack using a hosts-file-based technique will modify a hosts file and redirect unsuspecting victims to a lookalike site.