Targeted form of cyber attack where attackers compromise a specific website or service that their target is known to use
Watering Hole Attacks
A form of cyber attack where an attacker registers a domain name that is similar to a popular website but contains some common typographical error
Typosquatting
Specific form of impersonation where an attacker pretends to represent a legitimate company or brand
Brand Impersonation
An attack where an adversary assumes the identity of another person to gain unauthorized access to resources or steal sensitive data
Impersonation
The power or right to give orders, make decisions, and enforce obedience
Authority
Compelling sense of immediacy or time-sensitivity that drives individuals to act swiftly to prioritize certain actions
Urgency
Psychological phenomenon where individuals look to the behaviors and actions of others to determine their own decisions or actions in similar situations
Social Proof
Psychological pressure people feel when they believe a product, opportunity, or resource is limited or in short supply
Scarcity
It is associated with being nice, friendly, and socially accepted by others
Likeability
Feeling afraid of someone or something, as likely to be dangerous, painful, or threatening
Fear
Fraudulent attack using deceptive emails from a trusted source to trick individuals into disclosing personal information like passwords and credit card numbers
Phishing
Used by cybercriminals who are more tightly focused on a specific group of individuals or organizations
Spear Phishing
Form of spear phishing that targets high-profile individuals, like CEOs or CFOs.
Whaling
Advanced phishing attack that leverages internal email accounts within a company to manipulate employees into carrying out malicious actions for the attackers
Business Email Compromise (BEC)
Phone-based attack in which the attacker deceives victims into divulging personal or financial information
Vishing (Voice Phishing)
Attack that uses text messages to deceive individuals into sharing their personal information
Smishing (SMS Phishing)
Vital tool for educating individuals about phishing risks and how to recognize potential phishing attempts in user security awareness training
Anti-phishing Campaign
Emails with “broken English,” poor grammar, or multiple spelling errors are often part of a phishing campaign
Poor Grammar and Spelling
Phishing emails induce urgency by pushing recipients to take immediate action
Urgency
Approaching emails requesting sensitive information with high suspicion and caution
Unusual Requests
In HTML-based emails, the visible text is the display text, while the underlying URL of a web link can be manipulated
Mismatched URLs
Always verify the sender’s email address when receiving an email
Strange Email Address
The wrongful or criminal deception intended to result in financial or personal gain
Fraud
The use by one person of another person’s personal information, without authorization, to commit a crime or to deceive or defraud that other person or a third person
Identity Fraud