Cybersecurity basics: common types of cybersecurity attacks

In today's digital age, cybersecurity is no longer just a technical issue, but a critical component of our daily lives. As technology evolves, so too do the methods employed by cybercriminals to exploit vulnerabilities, often focusing on the human element of security. This article outlines several common types of cybersecurity attacks that individuals and organizations should be aware of in order to better protect themselves.

Social Engineering

Social engineering is the art of manipulating people so they give up confidential information. The information these criminals seek can vary, but when individuals are targeted, the criminals are usually trying to trick you into giving them your passwords or bank information, or into giving them access to your computer so they can secretly install malicious software that will give them your passwords and bank information as well as control over your computer.

https://youtu.be/Vo1urF6S4u0?si=To_pZ2TH6fVdbAEP

More advanced reading: https://phoenixnap.com/blog/social-engineering-examples

Phishing

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details by masquerading as a trustworthy entity in an electronic communication. Typically carried out through email or instant messaging, it often directs users to enter personal information at a fake website that matches the look and feel of the legitimate site.

https://youtu.be/gWGhUdHItto?si=Wh7_ZwbyiNPScsaS&embedable=true

More advanced reading: https://www.verizon.com/business/resources/articles/s/the-history-of-phishing/

Spear Phishing

Spear phishing is a more sophisticated form of phishing, where the attack is tailored and directed towards specific individuals or companies. These emails may appear to come from a trusted source and often incorporate personal information to bypass initial skepticism.

https://youtu.be/fZc2oXfz9Qs?si=omkiy3KiQhCOM8Bf&embedable=true

More advanced reading: https://hempsteadny.gov/635/Famous-Phishing-Incidents-from-History

Whaling

A whaling attack is a form of phishing targeted at senior executives and other high-profile targets within businesses. Here, the content will be crafted to target an upper manager and the message might look like a legal subpoena, customer complaint, or executive issue.

https://youtu.be/BU8h9GzdlSw?si=VIM2mKfiIUqLVtpW&embedable=true

More advanced reading: https://www.fortinet.com/resources/cyberglossary/whaling-attack

Vishing

Vishing is the telephone equivalent of phishing. It is described as using voice communication to scam the user into surrendering private information that will be used for identity theft. The scammer usually pretends to be a legitimate business and fools the victim into thinking they will profit.

https://youtu.be/xuYoMs6CLEw?si=Bkxk-kM9T5iCG_Sr&embedable=true

More advanced reading: https://www.cisco.com/site/us/en/learn/topics/security/what-is-vishing.html

Tailgating and Piggybacking

These methods involve an unauthorized person physically following an authorized person into a restricted area. In tailgating, the unauthorized person follows without the authorized person’s knowledge; in piggybacking, the authorized person actually helps the unauthorized one gain access.

https://youtu.be/jksOir0WGM8?si=Q3B8OCtlOhGpVPd4&embedable=true

More advanced reading: https://www.mcafee.com/blogs/internet-security/what-are-tailgating-attacks

Impersonation: Fake Identities

This involves an attacker pretending to be someone else to gain unauthorized access to systems, data, or networks. Impersonation can be as simple as stealing a user ID and password or as complex as creating a fabricated identity to infiltrate an organization.

https://youtu.be/ePBkx7MDloY?si=n20q0TA7UKOpOFwq&embedable=true

More advanced reading: https://www.upguard.com/blog/impersonation-attack

Dumpster Diving

In this attack, hackers sift through trash bins to find discarded but sensitive information that can be used in further attacks—this could include paperwork containing personal details, passwords, corporate information, etc.

https://youtu.be/h0UfLMy_Fq0?si=g-7mfQGyNpAIhoKL&embedable=true

More advanced reading: https://www.palisade.email/resources-post/understanding-dumpster-diving-a-comprehensive-guide-to-this-cybersecurity-threat

Shoulder Surfing

This occurs when someone watches you enter sensitive information on a keypad or computer screen. It is a direct observation technique, such as looking over someone's shoulder, to get information like passwords and PINs.

https://youtu.be/P9P07OgIkWY?si=CHUCIenU6jpRb6Ve&embedable=true

More advanced reading: https://www.keepersecurity.com/blog/2023/07/26/what-is-shoulder-surfing/

Hoaxes and Watering Hole Attacks

Hoaxes are messages that trick the recipient into believing something false and often prompt them to part with confidential information or infect their systems with malware. Meanwhile, watering hole attacks target entire groups by infecting websites they are known to use with malware.

https://youtu.be/RNWiqj_lkcs?si=pCZl1171oV6Ibd29&embedable=true

More advanced reading: https://en.wikipedia.org/wiki/Virus_hoax

Understanding these types of cybersecurity threats is the first step in protecting yourself from them. Awareness, combined with proactive measures and good security practices, can significantly reduce the risk of falling victim to cyber attacks.

References

Human generated text revision by ChatGPT

Various videos from youtube.com - links provided above

Cybersecurity articles as linked above
