Review of Attack Types & Terms (N10-008)
(50)
1. Phishing: : In This attack, the attacker sends an email that seems to come from a respected bank or other financial
institution, claiming that the recipient needs to provide an account number, Social Security number, or other private
information to the sender in order to verify an account
2. Spear Phishing: A phishing technique when attackers target a specific individual or institution
3. Whaling: is a form of spear phishing that targets individuals or organizations that are known to possess a good deal
of wealth
4. Vishing: is a human-based attack where the goal is to extract personal, financial, or confidential
information from the victim by using services such as the telephone system and IP-based voice
messaging services as the communication medium. This is also called voice phish- ing
5. Tailgating: This is a human-based attack where the attacker enters a secure area by following a legitimate employee
without the employee's knowledge or permission
6. Piggy Backing: Similar to tailgating, this is a situation where the attacker enters a secure area with an employee's
permission
7. Impersonation: is a human-based attack where an attacker pretends to be someone they are not.
A common scenario is when the attacker calls an employee and pretends to be calling from the help desk.
8. Dumpster Diving: A human-based attack where the goal is to reclaim important
information by inspecting
the contents of trash containers
9. Shoulder Surfing: This is an attack where the goal is to look over the shoulder of an individual as he or she enters
password information or a PIN
10.Hoax: is an email-based, IM-based, or web-based attack that is intended to trick the user into performing
1/
, Review of Attack Types & Terms (N10-008)
(50)
unnecessary or undesired actions, such as deleting important system files in an attempt to remove a virus. It could also
be a scam to convince users to give up important information or money for an interesting offer
11.Watering Hole Attack: is when the attacker targets specific groups or organiza- tions, discovers which websites
they frequent, and injects malicious code into those sites
12.DoS: is a type of network attack in which an attacker attempts to disrupt or disable systems that provide
network services by various means, including:
• Flooding a network link with data to consume all available bandwidth.
• Sending data designed to exploit known flaws in an application.
• Sending multiple service requests to consume a system's resources.
2/
(50)
1. Phishing: : In This attack, the attacker sends an email that seems to come from a respected bank or other financial
institution, claiming that the recipient needs to provide an account number, Social Security number, or other private
information to the sender in order to verify an account
2. Spear Phishing: A phishing technique when attackers target a specific individual or institution
3. Whaling: is a form of spear phishing that targets individuals or organizations that are known to possess a good deal
of wealth
4. Vishing: is a human-based attack where the goal is to extract personal, financial, or confidential
information from the victim by using services such as the telephone system and IP-based voice
messaging services as the communication medium. This is also called voice phish- ing
5. Tailgating: This is a human-based attack where the attacker enters a secure area by following a legitimate employee
without the employee's knowledge or permission
6. Piggy Backing: Similar to tailgating, this is a situation where the attacker enters a secure area with an employee's
permission
7. Impersonation: is a human-based attack where an attacker pretends to be someone they are not.
A common scenario is when the attacker calls an employee and pretends to be calling from the help desk.
8. Dumpster Diving: A human-based attack where the goal is to reclaim important
information by inspecting
the contents of trash containers
9. Shoulder Surfing: This is an attack where the goal is to look over the shoulder of an individual as he or she enters
password information or a PIN
10.Hoax: is an email-based, IM-based, or web-based attack that is intended to trick the user into performing
1/
, Review of Attack Types & Terms (N10-008)
(50)
unnecessary or undesired actions, such as deleting important system files in an attempt to remove a virus. It could also
be a scam to convince users to give up important information or money for an interesting offer
11.Watering Hole Attack: is when the attacker targets specific groups or organiza- tions, discovers which websites
they frequent, and injects malicious code into those sites
12.DoS: is a type of network attack in which an attacker attempts to disrupt or disable systems that provide
network services by various means, including:
• Flooding a network link with data to consume all available bandwidth.
• Sending data designed to exploit known flaws in an application.
• Sending multiple service requests to consume a system's resources.
2/
