Cybercriminals are known for their crafty and sometimes ingenious methods for compromising accounts and networks. The list below describes some methods that you are likely quite familiar with, and perhaps some that you have not seen before.
- PHISHING. This one is the most common, and is the attack vector you are most likely to see on a daily basis. It's as simple as attempting to get you to enter your login credentials for an email or banking account into a fake website, where the attackers can intercept and store the credentials for later use. This can lead to immediate financial loss in the event of a banking compromise, or to chained attacks through use of a compromised email account.
- BAITING. Baiting uses an enticing item to lure employees into delivering a malware payload by virtue of their own curiosity or greed. It can be as simple as leaving an infected USB drive where someone will find it and want to plug it into their computer, thus delivering the payload. This particular attack vector is how the Stuxnet malware was introduced to the Iranian uranium centrifuges, which highlights how serious this method can be.
- QUID PRO QUO. It’s like baiting, except that hackers offer a service instead of an item in return for private data. Think about a tech support scam, for example. Eventually, the attackers are going to reach someone who is actually having trouble with their computer, making that person more likely to trust the attacker and give them access to their network.