Types of Cyber Attacks

There are many different types of cyberattacks used by attackers to access, manipulate or destroy systems and data. Here are some of the most common types of cyberattacks:

  1. Social Engineering

    Description: Social engineering is a cybercrime method in which attackers exploit human psychology and social interactions to gain access to confidential information, systems or facilities. Instead of exploiting technical vulnerabilities, social engineering aims to exploit human weaknesses such as trust, curiosity, credulity or fear. It is one of the oldest and most effective techniques in the world of cybercrime and the basis for the types of attacks described below.

    Examples:

    • An attacker poses as a technician and persuades an employee to grant them access to an office or computer network.
    • An attacker calls a company and poses as an IT support employee to trick users into giving up their login credentials.
    • An attacker sends fake emails in the name of a trusted organization to trick users into clicking on malicious links or divulging sensitive information.
    • An attacker uses psychology, social dynamics and persuasion techniques to gain trust and get users to do things they wouldn't normally do.
  2. Phishing:

    Description: Attacks in which attackers send fake messages to trick victims into revealing sensitive information or downloading malware by clicking links or visiting crafted websites.

    Example: An email claiming to contain important information that the recipient can supposedly access by clicking a link, which is in fact malicious.

  3. Smishing (SMS phishing):

    Description: Phishing attacks carried out via SMS messages.

    Example: A text message claiming to be from a parcel delivery service and containing a link to track a parcel.

  4. Vishing (voice phishing):

    Description: Phishing attacks carried out via phone calls to steal personal information.

    Example: A caller pretends to be a bank employee and asks for confirmation of account details.

  5. Quishing (QR Code Phishing):

    Description: Quishing is a modern form of phishing that uses QR codes to direct users to malicious websites or install malicious software (malware).

    Examples:

    • Fake payment requests: A QR code on a fake invoice that leads to a phishing website asking for payment information.
    • Fake WiFi hotspots: QR codes that claim to offer free WiFi access but actually contain links to a malicious website.
    • Fake contact tracing: QR codes that purport to be used for COVID-19 contact tracing but steal personal information.
  6. Spear Phishing:

    Description: Targeted phishing attacks aimed at a specific person or organization. The attackers often use personalized information to make the message more credible. The attacker has already obtained information about the victim in advance (e.g. via public information on the homepage or from social media) in order to target the victim on a specific topic.

    Example: An email that appears to come from a colleague and contains an urgent request.

  7. Whaling:

    Description: A form of spear phishing that targets high-ranking executives or wealthy individuals.

    Example: A fake email from a CEO sent to a CFO to initiate a wire transfer.

  8. Watering Hole

    Description: A watering hole attack is a targeted cyberattack in which attackers compromise a frequently visited website in order to infect visitors to that site. This type of attack often targets specific groups or organizations and is frequently used for espionage or to gain control of the target's systems.

    Example: When the targets visit the compromised website, malware is downloaded and executed on their systems. This can be done automatically by exploiting vulnerabilities in the browser or plugins, or through social engineering, where users are tricked into downloading and opening malicious files.

  9. Pharming

    Description: Pharming is a cyberattack in which attackers redirect traffic to a website in order to lead users to a fake website and steal their confidential information. Pharming differs from phishing in that it attacks the infrastructure and does not require the active participation of the victim.

    Examples:

    • DNS cache poisoning: An attacker manipulates the DNS cache of an Internet Service Provider (ISP) so that all users attempting to access a particular bank's website are redirected to a fake bank website.
    • Hosts file manipulation: Malware modifies the hosts file on the victim's computer so that requests to known e-commerce sites are redirected to fake websites.
  10. Baiting

    Description: Baiting is a form of social engineering in which attackers place malicious content to lure victims into opening, downloading or executing it. By using enticing offers such as free movies, music or software, attackers try to arouse the curiosity or interest of users and get them to perform rash actions that can lead to malware infections.

    Example: An attacker places malicious files on websites or USB sticks and lures users into downloading and executing them by disguising them as attractive content (e.g. an Excel spreadsheet with the file name “Management Board Salaries.xlsx”).

Address

Frommel Datenschutz GmbH
Akazienstr. 6a
61352 Bad Homburg
Germany