| Phishing |
Fraudulent attempts to obtain sensitive information by disguising as a trustworthy entity. |
High |
Educate users, implement email filtering. |
Individuals, Businesses |
| Data Breach |
Unauthorized access to confidential data, often leading to theft of personal information. |
High |
Use encryption, conduct regular security audits. |
Corporations, Healthcare Providers |
| Skimming |
Devices placed on ATMs to capture card information. |
Medium |
Install anti-skimming devices, monitor ATM equipment. |
Bank Customers |
| Social Engineering |
Manipulating individuals into divulging confidential information. |
High |
Train employees on recognizing tactics. |
Employees, Customers |
| Ransomware |
Malware that encrypts data and demands ransom for recovery. |
High |
Regularly back up data, use antivirus software. |
Individuals, Organizations |
| Keylogger |
Software or hardware that records keystrokes to capture passwords and sensitive data. |
High |
Use anti-keylogger software, type password with care. |
Individuals, Businesses |
| Spyware |
Malicious software that gathers data without user consent. |
Medium |
Use anti-spyware, maintain system updates. |
Individuals, Businesses |
| Credential Stuffing |
Using stolen credentials to gain unauthorized access to accounts. |
High |
Implement two-factor authentication, use complex passwords. |
Web Services, Online Accounts |
| Man-in-the-Middle Attack |
Intercepting communications between two parties to steal information. |
High |
Use encrypted connections (HTTPS), VPNs. |
Online Transactions, Communications |
| SIM Swapping |
Fraudulent transfer of a victim's phone number to a malicious SIM. |
High |
Contact mobile provider, use extra verification. |
Individuals, Executives |
| Fake Websites |
Impersonating legitimate websites to capture data. |
High |
Check URLs, use security software. |
Individuals, Online Shoppers |
| Live Phishing Calls |
Fraudulent phone calls aimed at retrieving sensitive information. |
Medium |
Verify caller identity, report suspicious calls. |
Individuals, Professionals |
| Malware |
Malicious software that disrupts, damages, or gains unauthorized access to computer systems. |
High |
Use antivirus software, avoid unsafe downloads. |
Individuals, Organizations |
| Data Mining |
Using personal data without consent for profit. |
Medium |
Enforce data protection regulations, opt-out mechanisms. |
Users of Online Services |
| Insider Threat |
Employees or associates who misuse their access for malicious intents. |
High |
Conduct background checks, monitor user activities. |
Organizations |
| Physical Theft |
Theft of devices containing personal information. |
High |
Implement physical security measures, lock devices. |
Individuals, Businesses |
| Account Takeover |
Gaining unauthorized access to a user's account and taking control. |
High |
Use multi-factor authentication, monitor account activity. |
Online Accounts |
| Unsecured Wi-Fi |
Accessing public Wi-Fi networks can expose data to theft. |
Medium |
Use VPN, avoid sensitive transactions on public networks. |
Individuals, Travelers |
| Online Social Networks |
Information shared can be exploited for identity theft. |
Medium |
Limit personal information sharing. |
Individuals, Social Media Users |
| Tax Identity Theft |
Using someone else's identity to file taxes and claim refunds. |
High |
File taxes early, monitor credit reports. |
Individuals, Taxpayers |
| Child Identity Theft |
Identity theft targeting children, often unnoticed for years. |
High |
Monitor children's credit, lock their credit files. |
Parents, Guardians |
| Business Identity Theft |
Using a company's name to obtain credit or services. |
High |
Monitor business credit, regularly review accounts. |
Businesses |
| Pharming |
Redirecting users from legitimate websites to fraudulent ones. |
High |
Use domain verification, educate users. |
Online Users |
| Data Selling |
Selling user data without consent, violating privacy laws. |
Medium |
Enforce transparency, provide data opt-out options. |
Online Platforms |
| Credential Harvesting |
Gathering usernames and passwords through deceptive means. |
High |
Implement strong passwords, use password managers. |
Individuals, Businesses |
| Fake Charities |
Impersonating charities to solicit donations for personal gain. |
Medium |
Research charities, verify legitimacy before donating. |
Donors, Individuals |
| Pretexting |
Creating a false scenario to steal personal information. |
High |
Verify caller identity, be cautious with personal data. |
Individuals, Employees |
| Online Auction Scams |
Fraudulent sellers misrepresenting items for sale. |
Medium |
Buy from reputable platforms, read reviews. |
Online Shoppers |
| Pump and Dump Scams |
Manipulating stock prices and then selling to make profit. |
Medium |
Conduct thorough research on stocks before investing. |
Investors |
| Data Leakage |
Accidental exposure of sensitive information due to poor security practices. |
Medium |
Implement data loss prevention solutions, regular training. |
Businesses |
| Spyware on Public Devices |
Installing spyware on shared or public computers to steal data. |
High |
Avoid entering sensitive information on public devices. |
Public Device Users |
| Carding |
Using stolen card details to make fraudulent purchases. |
High |
Monitor account statements, report suspicious activity. |
Online Shoppers |
| Malicious Apps |
Apps designed to steal personal information under the guise of functionality. |
High |
Only download from reputable sources, check app permissions. |
Smartphone Users |
| Browser Hijacking |
Redirecting browsers to malicious sites without user consent. |
Medium |
Use trusted antivirus, reset browser settings. |
Web Users |
| Unpatched Software |
Exploiting known vulnerabilities in software that hasn't been updated. |
High |
Regularly update all software and systems. |
Individuals, Organizations |
| Social Media Scams |
Using social media to deceive individuals into giving up personal information. |
Medium |
Be cautious about sharing information online. |
Social Media Users |
| Email Spoofing |
Faking the sender's email address to trick the recipient. |
High |
Verify email sources, use email authentication protocols. |
Individuals, Businesses |
| Online Dating Scams |
Fraudulent individuals using dating platforms to gain trust and steal money. |
Medium |
Be cautious with sharing sensitive information online. |
Online Daters |
| SMS Phishing (Smishing) |
Using SMS messages to trick users into giving information. |
High |
Be wary of unexpected text messages, verify links. |
Mobile Users |
| Fake Reviews |
Posting false reviews for products or services to deceive customers. |
Medium |
Research products from multiple sources, verify reviews. |
Consumers, Online Shoppers |
| Website Vulnerabilities |
Exploiting weaknesses in a website to steal data. |
High |
Regularly test and patch web applications. |
Website Owners, E-commerce Sites |
| Impersonation on Social Media |
Creating fake profiles to impersonate others and manipulate friends. |
Medium |
Monitor social media accounts for unauthorized access. |
Individuals, Businesses |
| Fake Invoices |
Sending fraudulent invoices to trick businesses into making payments. |
Medium |
Verify invoices with the sender before payment. |
Businesses |
| Remote Access Trojans (RATs) |
Malware that allows a hacker remote access to a system. |
High |
Use firewalls, regularly scan systems for malware. |
Individuals, Organizations |
| Employee Phishing |
Using targeted phishing attempts against employees to obtain internal information. |
High |
Conduct regular phishing simulations and training. |
Organizations |
| Website Cloning |
Creating an exact replica of a website to deceive users. |
High |
Check site certificates, avoid entering personal data. |
Individuals, Online Users |
| Unsecured Data Storage |
Storing sensitive data improperly leading to exposure. |
High |
Use encryption and secure access controls. |
Businesses |
| Payroll Fraud |
Manipulating payroll systems to divert payments to unauthorized individuals. |
High |
Regular audits and verifications of payroll processes. |
Organizations |
| Social Security Number (SSN) Theft |
Stealing SSNs to open fraudulent accounts or secure benefits. |
High |
Monitor SSN usage, consider a credit freeze. |
Individuals |
| Wi-Fi Eavesdropping |
Intercepting information transmitted over unsecured Wi-Fi networks. |
High |
Use VPNs when on public networks. |
Individuals, Businesses |
| Public Records Access |
Exploiting publicly available records for identity theft. |
Medium |
Limit availability of sensitive public records. |
Governments, Organizations |
| Complexity Attacks |
Using sophisticated methods to exploit flaws in systems. |
High |
Employ advanced security measures and AI-driven monitoring. |
Large Organizations |
| Vishing (Voice Phishing) |
Scammers making phone calls to manipulate victims into revealing information. |
High |
Protect personal info, verify source of calls. |
Individuals, Businesses |
| Cloud Security Breaches |
Exploiting vulnerabilities in cloud services to steal data. |
High |
Use trusted cloud services, regular security assessments. |
Businesses, Individuals |
| SIM Card Cloning |
Duplicating a SIM card to gain access to a victim's phone lines. |
High |
Monitor for unusual activities on accounts. |
Individuals |
| Credit Card Information Theft |
Stealing credit card details to make unauthorized transactions. |
High |
Use secure payment methods, monitor transactions. |
Consumers |
| Extortion Scams |
Threatening to release sensitive information unless a ransom is paid. |
High |
Report threats to authorities, maintain privacy. |
Individuals, Organizations |
| Internet of Things (IoT) Vulnerabilities |
Exploiting poorly secured IoT devices to access networks. |
High |
Secure all IoT devices, implement network segmentation. |
Homes, Businesses |
| Presidential Scams |
Frauds impersonating authorities to extract information. |
Medium |
Educate about verification processes, report scams. |
Individuals, Businesses |
| Pump-and-Dump Cryptocurrency Scams |
Manipulating cryptocurrency values and profiting by selling high. |
Medium |
Research investments thoroughly, avoid hasty decisions. |
Investors |
| Tech Support Scams |
Fraudulent calls pretending to be from tech support to gain access to systems. |
Medium |
Verify identity before sharing information or allowing access. |
Individuals, Businesses |
| Authentication Bypass |
Exploiting vulnerabilities to bypass authentication mechanisms. |
High |
Regular criminal audits and updates to security protocols. |
Web Services |
| DNS Spoofing |
Redirecting DNS queries to a fraudulent site. |
High |
Implement security measures on DNS servers, use DNSSEC. |
Online Users |
| Phishing Kits |
Selling ready-made frameworks for executing phishing attacks. |
High |
Educate users and implement strong security protocols. |
Individuals, Businesses |
| Online Surveys Scams |
Collecting personal data through fraudulent surveys. |
Medium |
Avoid providing sensitive information, skeptical of surveys. |
Online Users |
| Search Engine Optimization (SEO) Scams |
Deceiving users through deceptive SEO techniques. |
Medium |
Use trusted SEO practitioners, verify results carefully. |
Businesses |
| Referral Scams |
Referencing fake programs or deals to gather personal data. |
Medium |
Research offers carefully, verify through official channels. |
Online Consumers |
| Ad Fraud |
Exploiting online ads to generate fraudulent clicks or views. |
Medium |
Use reputable ad networks, monitor ad performance closely. |
Advertisers |
| Logic Bombs |
Code that triggers malicious activity under specific conditions. |
High |
Conduct thorough code audits, secure development practices. |
Software Developers |
| Fake Jobs |
Posting non-existent job opportunities to collect personal information. |
Medium |
Verify job postings, research companies before applying. |
Job Seekers |
| Deepfake Technology |
Using AI to create realistic fake images or sounds to deceive individuals. |
High |
Educate about deepfakes, verify with trusted sources. |
Public Figures, Individuals |
| Dumpster Diving |
Searching through garbage for sensitive information. |
Low |
Shred documents before disposal, use secure disposal methods. |
Individuals, Organizations |
| Online Gaming Scams |
Manipulating gamers into disclosing personal information or money. |
Medium |
Be cautious in gaming environments, verify players' identities. |
Gamers |
| Investment Scams |
Fraudulent schemes that promise abnormally high returns. |
High |
Research investment opportunities thoroughly, be skeptic of high returns. |
Investors |
| Phony Tech Updates |
Fraudulent updates trick users into downloading malware. |
High |
Use official sources for updates, confirm updates before installation. |
Individuals |
| Personal Information Auctions |
Illegally selling stolen personal data online. |
High |
Regularly monitor credit reports, implement fraud alerts. |
Individuals |
| Counterfeit Products |
Selling fake or substandard products under a brand name. |
Medium |
Buy from authorized retailers, check product authenticity. |
Consumers |
| Application Layer DDoS Attacks |
Overloading servers with traffic to render them unresponsive. |
High |
Implement rate limiting and traffic analysis. |
Web Services |
| Corporate Espionage |
Stealing sensitive corporate information for competitive advantage. |
High |
Implement robust internal security policies, training. |
Businesses |
| Fake Antivirus Software |
Malware disguised as antivirus tools to steal information. |
High |
Use reputable antivirus programs, avoid unknown software. |
Individuals |
| Forms of Identity Fraud |
Using an individual's personal information for fraudulent purposes. |
High |
Monitor credit, regularly change passwords, use fraud alerts. |
Individuals |
| Trojans |
Malicious software disguised as legitimate software. |
High |
Use reliable security software, avoid untrusted downloads. |
Individuals, Organizations |
| Internet Scams |
Broad category encompassing various online fraud schemes. |
High |
Exercise caution online, verify sources of information. |
Consumers |
| Chain Letters |
Soliciting personal information under the guise of a letter. |
Medium |
Avoid responding to chain letters, recognize scams. |
Individuals |
| Phantom Warehousing |
Falsifying charges for nonexistent warehouses to steal money. |
Medium |
Verify warehousing agreements, audit logistics regularly. |
Shippers, Businesses |
| Identity Cloning |
Stealing an individual's identity and impersonating them in daily life. |
High |
Monitor identity closely, report suspicious activity. |
Individuals |
| Online Auction Fraud |
Fraud in bidding or trading goods and services online. |
Medium |
Use reputable auction sites, verify sellers. |
Online Buyers |
| Multi-Level Marketing Scams |
Using deceptive practices to solicit investments from unsuspecting individuals. |
Medium |
Research before investing, verify legitimacy. |
Investors |