Phishing
Phishing is...
the process of attempting to acquire sensitive information such as usernames, passwords, and credit card details. It's done by masquerading as a trustworthy entity on bulk email, which tries to evade spam filters. Emails claiming to be from popular social websites, banks, auction sites, or IT administrators are commonly used to lure the unsuspecting public. It's a form of criminally fraudulent social engineering.
Vishing (Voice Phishing):
A phishing attack conducted by telephone. Vishing is the phone equivalent of a phishing attack. There are two forms of this: 1. human & 2. automated. In the human example, a scam artist uses the anonymity of a phone call and pretends to be a representative of their target's bank or credit card company, etc. They manipulate the victim to enter their PIN, credit card number, or bank account (and routing number) with the phone keypad. This allows the scammer to get instant access to another person's bank credentials.
Spear Phishing:
A small, focused, targeted phishing attack on a specific person or organization, with the goal to penetrate their defenses. The attack is done after research has been done on the target, and has a specific personalized component designed to make the target do something against his or her own interest.
CEO fraud:
A spear phishing attack that targets high-risk users—people in Accounting, HR, or executive assistants—in which the hacker claims to be the CEO (or another executive) and urges an employee to do something that would not be authorized by the legitimate sender.
Phish Prone Percentage:
A term coined by KnowBe4 that indicates the percentage of employees that are prone to click on phishing links. The customer starts with a baseline (a starting point used for comparison) percentage, which is the percentage of users who click on phishing links before being trained. Once trained, the test is done again 12 months later, to see the improvement.
Phishing Example
For example, the cyber criminals (bad guys) put together and send an email that looks like it comes from Chase Bank, saying you need to pay your credit card. This is phishing because it's an attempt by the bad guys to get you to click on something or fill something out that gives them your information—in this case, your banking login information.
Smishing:
Phishing conducted via Short Message Service (SMS), a telephone-based text messaging service. A smishing text, for example, attempts to entice a victim into revealing personal information.
Email Spoofing:
Spoofing (tricking or deceiving) computer systems or other computer users. Email spoofing involves sending messages from a bogus email address or faking the email address of another user. It's a tactic used in phishing because people are more likely to open an email when they think it has been sent by a legitimate source. Spoofing is a common tactic in CEO Fraud attacks.
Social Engineering:
The act of manipulating people into performing actions or divulging confidential information. The term typically applies to trickery or deception for the purpose of information gathering, fraud, or computer system access.
Phishing Attack Surface:
The quantity of emails exposed on the internet. The more email addresses exposed, the bigger the attack footprint is and the higher the risk for phishing attacks.
