can be anything
that can take advantage
of a vulnerability to
breach security and
negatively alter, erase, or
harm an object or objects
of interest.
Threat
is an information
security threat that involves
an attempt to obtain,
alter, destroy, remove,
implant or reveal information
without authorized
access or permission.
Attack
is a social
engineering attack that tricks
users into revealing sensitive
information, such as
usernames and passwords,
through deceptive emails,
texts, or messages, often
containing malicious
attachments or links that
steal data.
Phishing Attack
use fake domains or deceptive sender names
to steal credentials or install malware.
Email Phishing
involves attackers impersonating executives
via email to request money transfers or document reviews.
Whaling
is a phishing attack via text messages, tricking users into
clicking malicious links that install malware.
Smishing
or voice phishing, uses phone calls to trick victims into
revealing sensitive information, often by impersonating authorities.
Vishing
exploits social media notifications or messages to
deceive users into taking harmful actions.
Angler phishing
Cybercriminals now use HTTPS links in phishing attacks to
appear legitimate.
HTTPS Phishing
targets specific individuals or organizations with
deceptive messages that appear trusted, tricking them into
revealing sensitive information or compromising their devices.
Spear phishing
hijack DNS servers to redirect users to
fraudulent websites that mimic legitimate ones.
Pharming attacks
Attackers exploit website pop-ups to inject malicious code,
tricking users into installing malware by allowing notifications.
Pop-up Phishing
mimics legitimate emails, replacing attachments
or links with malware while appearing to come from a trusted
sender.
Clone phishing
attack uses a fake Wi-Fi hotspot to steal login
credentials through man-in-the-middle tactics.
Evil twin
infects websites commonly visited by a
specific group of end-users to compromise their devices and
gain network access.
Watering Hole Phishing
If a member of
senior management has not been in
contact before, be careful about taking
the action that is requested.
Abnormal Requests:
Attackers might seem real, but make
sure you double-check and confirm
with senior management before
making any financial transactions.
Confirm before any action:
A text requiring the
recipient to take action to change the
delivery will include a link, so always
search your email or go directly to the
delivery service's website to check the
status.
Change delivery status:
Review the prefix and
compare it to your contact list before
replying to a text message or taking the
suggested action.
Abnormal prefix:
The number may be from
an unusual location or may be blocked.
Call Number:
The call requests
personal information that would seem
unusual for this type of caller.
Action Required:
Be careful with
notifications indicating additions to
posts as they can include links that
direct recipients to malicious websites.
Notifications:
Beware of direct messages from people who
rarely use this feature as accounts can
be faked or fraudulently re-created.
Abnormal direct messages:
are an
emerging kind of threat that targets
software developers and suppliers.
The goal is to access source code,
build processes, or update
mechanisms by infecting
legitimate apps to distribute
malware.
Supply chain attacks
is a cyberattack where attackers impersonate
a trusted executive, employee, or business
partner to deceive organizations into
transferring money or sensitive data.
Business Email Compromise (BEC)
An executive or employee's email account is
hacked and used to request invoice payments to vendors listed in their
email contacts. Payments are then sent to fraudulent bank accounts.
Account Compromise
Attackers pretend to be a lawyer or
someone from the law firm supposedly in charge of crucial and
confidential matters. Normally, such bogus requests are made through
email or phone, at the end of the business day.
Attorney Impersonation
Employees in HR and bookkeeping are targeted to
obtain personally identifiable information (PII) or tax statements of
employees and executives. Such data can be used for future attacks.
Data Theft
is where attackers impersonate a company's CEO or
executive to trick employees into making unauthorized wire transfers or
sharing sensitive information.
CEO Fraud
is a fraud tactic where attackers pose as
suppliers or vendors, sending fake invoices to businesses to deceive
them into making payments to fraudulent accounts.
Bogus Invoice Scheme