Types of cyber security risks

Phishing uses disguised email as a weapon. The email recipient is tricked into believing that the message is something they want or need — a request from their bank, for instance, or a note from someone in their company — and the recipient then clicks a link or downloads an attachment.

Vishing is a similar type of attack where voice is used instead of email. Attackers will phone a victim to prime an attack or ask to guide them through changing settings or disclosing a password.

Spoofing sees attackers impersonating people familiar to the victim either by sending an email as someone else, or changing the address very slightly to appear as if from the legitimate sender.

Pharming attacks involve a hacker sending the same email to many recipients and then waiting to see which recipients respond.
Whaling is a specific form of phishing that personalises the attack towards high-profile people in senior positions.

Ransomeware occurs when data is encrypted within an organization. The hacker then requests payment in bitcoin to receive a code to unlock the user’s files.