Phishing, malware – what does it all mean? Let us explain.
Malware: Malicious software used to access or disrupt IT systems, gather sensitive information, or display unwanted advertising. It is often received through phishing or spam emails but can also be hidden in online ads and pop-up messages.
Ransomware: A common form of malware that restricts access to an infected computer system and demands a ransom to remove the restriction. Ransomware typically circulates as a virus within an email attachment disguised as a seemingly legitimate file.
Social engineering: Occurs when people are manipulated into doing things they shouldn’t or divulging confidential information. It can be initiated in person, via email (Phishing), over the phone (Vishing), through an SMS message (Smishing) or via social media sites such as LinkedIn and Facebook.
It is a more frequently used tool because it delivers a targeted and realistic attack enabled by publicly available information and social media.
Phishing: Emails that appear to come from an official source when in reality they are a scam attempting to extract sensitive information like usernames, passwords or credit card details.
A victim could unwittingly enter account details into a fake bank website or click on a link which installs malware on their computer and network.
Spear phishing & email hijacking: More targeted versions of the above. Rather than a scattergun approach aimed at several individuals, spear phishing targets a specific person.
An extension of the spear phishing attack vector is business email compromise or email hijacking. A common but effective example involves an email sent by a purported CEO of a company while they are travelling, urging the company treasurer to make an urgent and discreet payment.