Phishing is the use of digital communications to trick people into revealing sensitive data or deploying malicious software.

• Business Email Compromise (BEC): A threat actor sends an email message that seems to be from a known source to make a seemingly legitimate request for information, in order to obtain a financial advantage.
• Spear phishing: A malicious email attack that targets a specific user or group of users. The email seems to originate from a trusted source.
• Whaling: A form of spear phishing. Threat actors target company executives to gain access to sensitive data.
• Vishing: The exploitation of electronic voice communication to obtain sensitive information or to impersonate a known source.
• Smishing: The use of text messages to trick users, in order to obtain sensitive information or to impersonate a known source.

Malware is software intended to cause harm to devices or networks, with various types existing. Its main goals are financial gain or, occasionally, gaining an intelligence advantage against individuals, organizations, or territories.

• Viruses: Malicious code that infects files, causing damage when activated by users through attachments or downloads.
• Worms: Self-replicating malware that spreads across networks without user interaction, infecting multiple devices.
• Ransomware: Encrypts data and demands payment for decryption, commonly used for extortion.
• Spyware: Covertly collects and sells personal information from devices without user consent.

Social Engineering is a manipulation technique that exploits human error to gain private information, access, or valuables. Human error is usually a result of trusting someone without question.

• Social Media Phishing: Threat actors gather detailed target information from social media platforms before launching attacks.
• Watering Hole Attack: Threat actors target websites frequented by specific user groups to infiltrate their systems.
• USB Baiting: Threat actors leave malware-infected USB drives in strategic locations for employees to discover and unwittingly infect their network.
• Physical Social Engineering: Threat actors impersonate employees, customers, or vendors to gain unauthorized access to physical premises.