The steps that ensure that the individual is who he or she claims to be
a. Authentication
Authentication is a process that provides proof that the user is genuine and not an imposter. It is a way to prove that you are allowed to access a system. Usernames and passwords have been the default method of authentication. These days, though, passwords are not the only authentication mechanism.
A password attack in which every possible combination of letters, numbers, and characters is used to match passwords in a stolen password file
b. Brute force attack
An automated brute force attack involves repeated, successive password guesses using a trial-and-error approach, hoping to guess correctly. It is an old attack method, but is still in effect and popular with hackers. It can take minutes to crack or an eternity. Using automated brute force attack tools and programs, an attacker is able to enter parameters such as password length, character set, pattern, language, and skips for the type of password to be generated.
A password attack that compares common dictionary words against those in a stolen password file.
c. Dictionary attack
A dictionary attack is another common offline password attack in which the attacker creates encrypted versions of common dictionary words and then compares these words against those in a stolen password file. This is sometimes very successful because users create passwords that are simple English dictionary words. A variation of such an attack is the hybrid attack.
A secret combination of letters, numbers, and/or symbols that serves to authenticate a user by what he or she knows.
d. Password
Nowadays, when accessing almost any computer device, system, or website, we are typically required to provide information that identifies us and proves that we are actually that person. This is done by the use of passwords. Despite passwords being the primary means of authentication, they are no longer considered to be a strong defense against attackers.
Viewing information that is entered by another person
e. Shoulder surfing
An example of shoulder surfing is observing someone entering a code on a keypad while standing a short distance away. Another good example is a hotel room’s cipher lock. Cipher locks are vulnerable to shoulder surfing. Someone passing by from behind is able to see the buttons being pushed and can easily gain access when you leave.
Grouping individuals and organizations into clusters based on an affiliation
f. Social networking and not social engineering
The definition above is for social networking and not social engineering. Social networking sites bring together individuals with common interests and beliefs, and operate and function as an online community of users. Anyone on social media is able to read information posted by others. Thus, social networking carries with it cyber risks like personal data being used maliciously.
Redirecting a user to a fictitious website based on a misspelling of the URL
g. Typo squatting
Also known as URL hijacking, typosquatting is a questionable type of cybersquatting that targets internet users who type a web address incorrectly. It is the extreme version and similar to phishing. When users make such errors, they may be led to an alternative site owned by a hacker.
Phishing attack in which the attacker calls the victim on the telephone
h. Vishing
Instead of using emails or other forms of communication to contact the potential victim, a simple phone call can be used. Known as voice phishing, an attacker calls an unsuspecting victim and pretends to be someone working with the victim’s bank. The attacker falsely tells the victim that his or her credit card has experienced fraudulent activity, instructs the victim to call a specific number, and hangs up. Upon calling back, the victim hears automated instructions telling them to enter credit card numbers and other essential details.
A phishing attack that targets wealthy individuals
i. Whaling
Whaling is a type of spear phishing where instead of targeting the small fish, it targets the “bigger fish” or the wealthy individuals who have larger sums of money in a bank account. By focusing every effort on this group, the attacker can invest more time in the attack and achieve major success.