Attack Library
Documented social engineering techniques with identification guides, prevention strategies, and video explainers.
Baiting
Baiting attacks lure victims with something enticing — a free download, a USB drive left in a public place, or a tempting offer. The bait contains malware or leads to credential theft. Unlike phishing, baiting relies on curiosity or greed rather than fear or urgency.
Phishing
Phishing is a cyberattack where attackers send fraudulent messages, typically via email, designed to trick victims into revealing sensitive information like passwords, credit card numbers, or personal data. These messages often impersonate trusted entities such as banks, tech companies, or government agencies.
Pretexting
Pretexting involves an attacker creating a fabricated scenario (pretext) to gain a victim's trust and extract information. The attacker typically impersonates someone in authority — an IT administrator, auditor, co-worker, or law enforcement officer — and builds a believable backstory to justify their requests.
Quid Pro Quo
Quid pro quo attacks involve an attacker offering something — typically a service or benefit — in exchange for information or access. Common examples include fake IT support offering to fix problems in exchange for login credentials, or surveys promising rewards for personal information.
Smishing
Smishing (SMS phishing) uses text messages to deceive victims into clicking malicious links, downloading harmful software, or revealing personal information. Attackers often impersonate banks, delivery services, or government agencies to create urgency and trick recipients into acting quickly.
Spear Phishing
Spear phishing is a highly targeted form of phishing where attackers customize their fraudulent messages for a specific individual, organization, or role. Unlike generic phishing, spear phishing uses personal information gathered from social media, company websites, or data breaches to make the attack more convincing.
Tailgating
Tailgating (also called piggybacking) is a physical social engineering attack where an unauthorized person follows an authorized individual into a restricted area. The attacker exploits social norms and politeness to gain physical access to buildings, server rooms, or other secured spaces.
Vishing
Vishing (voice phishing) is a social engineering attack conducted over phone calls. Attackers use voice communication to impersonate trusted entities like tech support, banks, or government agencies to manipulate victims into providing sensitive information or making payments.