Types of Phishing

CEO fraud usually begins with the thieves either phishing an executive and gaining access to that individual’s inbox, or emailing employees from a look-alike domain name that is one or two letters off from the target company’s true domain name.

Similarly, when a criminal is trying to hack an organization, they won't re-invent the wheel unless they absolutely have to: They'll draw upon a common arsenal of attacks that are known to be highly effective, such as malware, phishing, or cross-site scripting (XSS).

What is Cross Site Scripting (XSS) Cross site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSS differs from other web attack vectors (e.g., SQL injections), in that it does not directly target the application itself. Instead, the users of the web application are the ones at risk.

Deceptive Phishing. The term "phishing" originally referred to account theft using instant messaging but the most common broadcast method today is a deceptive email message.

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash.

These fake Dropbox email phishing scams with realistic login pages will try to steal your Dropbox or email password. See tips on how to spot and block them.

Share Google Docs users hit with sophisticated phishing attack share tweet Linkedin Reddit Pocket Flipboard Email If someone invites you to edit a file in Google Docs today, don’t open it — it may be spam from a phishing scheme that’s been spreading quickly this afternoon.

Malware A malware attack is a piece of malicious software which takes over a person’s computer in order to spread the bug onto other people’s devices and profiles. It can also infect a computer and turn it into a botnet, which means the cyber criminal can control the computer and use it to send malware to others.

If Bob sends his public key to Alice, but Mallory is able to intercept it, a man-in-the-middle attack can begin. Mallory sends a forged message to Alice that purports to come from Bob, but instead includes Mallory's public key.

Answer: Phishing and pharming are two different ways hackers attempt to manipulate users via the Internet. Phishing involves getting a user to enter personal information via a fake website. Pharming involves modifying DNS entries, which causes users to be directed to the wrong website when they visit a certain Web address.

Spear phishing is an email-spoofing attack that targets a specific organization or individual, seeking unauthorized access to sensitive information. Spear-phishing attempts are not typically initiated by random hackers, but are more likely to be conducted by perpetrators out for financial gain, trade secrets or military information.

Spear-phishing can easily be confused with phishing because they are both online attacks on users that aim to acquire confidential information. Phishing is a broader term for any attempt to trick victims into sharing sensitive information such as passwords, usernames, and credit card details for malicious reasons.

SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.