What is phishing?
A social engineering attack where attackers trick users into revealing sensitive information through fake emails or websites.
What is spear phishing?
A targeted phishing attack aimed at a specific individual or organization using personalized information.
What is whaling?
A phishing attack targeting high-profile individuals such as executives or administrators.
What is vishing?
Voice phishing — attackers use phone calls or voicemail to trick users into revealing information.
What is smishing?
SMS phishing — attackers send malicious or deceptive text messages.
What is pretexting?
An attacker invents a scenario to trick someone into giving up information or access.
What is baiting?
Luring a victim with something appealing (like free software or USB drives) that contains malware.
What is tailgating?
An unauthorized person follows an authorized person into a secure area without proper credentials.
What is shoulder surfing?
Looking over someone’s shoulder to obtain sensitive information like passwords or PINs.
What is dumpster diving?
Searching through trash to find confidential information like passwords or documents.
What is a denial-of-service (DoS) attack?
An attack that floods a system or network with traffic to make it unavailable to users.
What is a distributed denial-of-service (DDoS) attack?
A coordinated DoS attack launched from many compromised systems (botnets).
What is a man-in-the-middle (MITM) attack?
An attacker intercepts communication between two parties to steal or alter information.
What is DNS poisoning?
Altering DNS records to redirect users to malicious websites.
What is ARP poisoning?
Manipulating ARP tables to redirect network traffic to the attacker’s device.
What is session hijacking?
Taking control of a user’s active session to gain unauthorized access.
What is privilege escalation?
Exploiting a flaw to gain higher access rights than intended.
What is a zero-day attack?
An attack exploiting an unknown or unpatched vulnerability.
What is a brute-force attack?
An attacker tries every possible password or key until the correct one is found.
What is a dictionary attack?
An attacker uses a list of common passwords or words to guess credentials.
What is a rainbow table attack?
Using precomputed hashes to crack passwords faster.
What is social engineering?
Manipulating people into performing actions or revealing confidential information.
What is an insider threat?
An employee or authorized user intentionally or accidentally causes harm to the organization.
What is spoofing?
Impersonating another system, device, or user to trick others into trusting the attacker.