What is spam?
Spam is a cyber-attack in which attackers abuse e-mail systems to indiscriminately send unsolicited bulk messages containing, for example, legitimate advertising, scam offers, and malicious programs or code (malware).
What is phishing?
Phishing is a cyber-attack in which attackers disguise fraudulent emails and websites to trick you into entering personal information (e.g. usernames and passwords, or credit card information) by clicking on a link or opening an attachment. Phishing is generally aimed at a wide audience of potential victims, but attackers can use more sophisticated phishing methods such as:
- Spear phishing is an attack directed against specific individuals or organisations, rather than a wide audience of potential victims. Spear phishing attacks commonly utilise tactics like impersonating trusted individuals and other email personalisation (spoofing) or sharing inside information.
- Whaling is an attack directed specifically at senior executives or other high-profile targets within a company. Whaling attacks will often utilise the same tactics as spear phishing.
- Vishing (Voice Phishing or VoIP Phishing) is an attack carried out over telephone system to gain access to confidential information from users. Vishing attacks commonly utilize tactics such as caller ID impersonation and pre-recorded automated instructions for users requesting them to provide personal information.
What is malware?
Malware (or “malicious software”) is an umbrella term that describes any malicious program or code that is harmful to systems. Malware seeks to invade, damage, or disable computers, computer systems, networks, tablets, and mobile devices.
Malware is used by attackers to steal, encrypt, or delete your data, alter or hijack core computer functions, and spy on your computer activity without your knowledge or permission. There are several kinds of malware as described below:
- Trojan horses are delivery agents used to trick victims into installing malware by disguising it as what would appear to be a safe file. Trojan horses are used to evade security systems and are commonly used to gain unauthorised access to a system, deliver more malware onto the infected device, steal sensitive data, and perform denial of service attacks.
- Ransomware is malware designed to encrypt and restrict access to system data and/or resources behind a ransom demand. Ransomware decryption isn’t possible using removal tools leaving victims forced to pay the ransom (after which the attacker may remove the restrictions). Ransomware is commonly used to steal money from victims.
- Viruses are malware designed to spread, like a human virus, from one computer to another on the same network by inserting or attaching itself to a legitimate program or document that supports macros. Viruses are commonly used to steal data and passwords, corrupt and/or destroy data, send spam email to the victim’s contacts, and gain unauthorised access to an infected device.
- Worms are malware designed to spread copies of themselves from computer to computer without the help of human interaction or a software program to attach itself to. Worms are commonly used to gain unauthorized access to a system, modify or delete data, and deplete system resources to perform denial of service attacks.
- Spyware is malware designed to run secretly in the background of an infected device to collect data and monitor the victim’s activities without their knowledge and/or permission. Spyware is commonly used to monitor the victim’s web browsing patterns and capture and transmit sensitive information to attackers.
- Adware is malware designed to display advertising content on an infected device by using pop-up windows to flash advertisements and links to other websites. Adware programs commonly monitor the victim’s browsing activities and capture and transmit sensitive information to attackers.
- Scareware is malware designed to trick victims by using fake virus alerts, updates, or malware removal tools to scare the victim into entering their sensitive information to resolve the fake issue displayed by the attacker. Scareware is commonly used to scare the victim into downloading more malware onto their device.