Phishing is a technique where cybercriminals use email to "fish" for unsuspecting people, looking to infect them with malware or to steal credentials. They attack by sending emails that appear to be from reputable organizations and that contain offers, coupons, requests for updates to account information, etc. What once appeared as emails from a Nigerian prince offering money has evolved into very authentic-looking offers and/or threats.
Spear-phishing is an advanced form of phishing where the attacker has identified a victim or a target organization for their attack. They gather intelligence about an individual or the organization from websites, social-media sites or other sources (news publications, county records, etc.). They then craft sophisticated messages leveraging the intelligence that they have gathered to appeal to specific people. The specific and targeted information often causes unsuspecting recipients to trust the source and click in the email or download an infected attachment. Spear-phishing is currently one of the most serious threats to people and organizations.
Vishing is similar to phishing, except the attack vector is a phone call instead of an email. You may have experienced vishing in the form of fake IRS calls, fake loan offers or fake calls from IT staff. It is not as common, but because of the more intimate nature of a live conversation, vishing attacks can be successful.
Malware refers to any malicious code that can be introduced to your computer.
Examples of malware are:
- Virus: A virus is malicious code designed to spread quickly through an organization or network of people.
- Adware: Adware is code designed to present unwanted advertisements hoping to generate revenue for the author.
- Spyware: This one is very dangerous. It is used to track your activity. It can allow an attacker to build intelligence about you that will enable them to better attack you later.
- Worms: Worms are malicious code generally designed to destroy things on your computer.
- Trojan: A trojan is malicious code designed to appear as something safe. This disguise will lure a victim into installing malicious code without their knowledge. The malicious code can then be used to steal credentials, financial information, etc.
- Ransomware: Ransomware is malicious code designed to encrypt your data in a way that will make it inaccessible to you. The attacker will then offer to decrypt it for payment.