Malware (malicious software)

Any piece of software that is specifically designed to disrupt or damage a computer system. It carries out a hidden function on the target system for an attacker and comes in many different forms, such as ransomware, Trojans etc. Commonly installed alongside quasi-legitimate software, malware can also be disseminated via email attachments, web browsing and file sharing. Once malware is on the system, it can be difficult to detect and remove.


Phishing

This type of attack is generally received via spam emails that appear to come from a legitimate organisation, for instance, a bank. The emails contain a link to a fake website that replicates a real one. The victim is then encouraged to input sensitive information, such as passwords. Typically, poor phishing attacks have bad spelling or grammar within the email. For those that look more professional, the only real giveaway is the fact the email asks the victim to click on a link.


Hacking

An attack by someone trying to remotely access a company or personal IT system, using a variety of widely available tools and known vulnerabilities. Hackers target online services and IT systems to steal, corrupt or destroy information.

Invoice hijacking

A scam that involves fraudsters intercepting correspondence between two parties who have an existing contractual relationship. The fraudsters then invoice the target for services that have actually been rendered. Typically, the client receives an email asking for funds to be transferred to a separate account, perhaps “due to a limit being reached”. The fraudster provides details of a new account to which the client sends the funds. This fraud will often rely on email correspondence being hacked, leading to disputes as to who was at fault. Invoice hijacking is likely to damage client relations and may cause reputational harm.

Social engineering

Humans are the weakest link in cybersecurity, and attackers use freely available information to pick out who is likely to be vulnerable. For example, the announcement of a planned merger could alert attackers that sensitive bid information may be available to steal. Information from social media, such as Twitter, Facebook and LinkedIn, can be very useful as people often discuss changes in their work and public life. The telephone is the most common channel for social engineering. Attackers often use social engineering techniques, such as pretending to be IT support staff, to con users into giving away their passwords, and then use those passwords to access the system.


Trojans

A type of malware that is usually spread by some form of social engineering. Typically, an end user will browse to a website that prompts the individual to run a Trojan. The websites that carry this out often appear to be legitimate and trusted. Messages are used to persuade the individual to click on a link, for instance, claiming a device is infected with a virus or a computer is running slowly.


Ransomware

A type of malware that infects a computer or network, blocking the victim's access to some or all of a system or its data. A sum of money is paid to the criminals, who then send the victim instructions on how to unlock the data. This is currently very common due to its ease of implementation and ability to extort funds directly from victims.

Web seeding techniques (such as malvertising)

These attempt to exploit vulnerabilities in frequently visited websites. The websites are hacked and used to deliver malicious software through adverts and downloads.

DDoS (distributed denial of service)

Attackers exploit the way systems provide services, such as email, information access requests and network timings. DDoS involves either interrupting or shutting down a target IT system by flooding it with requests, for instance, external emails. The target system is unable to respond effectively to the high volume of traffic and slows or shuts down. A DDoS attack commonly targets large services, such as email and websites, which has a follow-on effect on smaller entities.

Microsoft Office macro infections

A macro is a small program that runs in Microsoft Office applications and is increasingly being used to infect victims’ computers.

APT (advanced persistent threat)

An APT attack borrows from other threats, such as phishing and social engineering. The phishing mechanism in this attack is known as spear phishing, which involves sending emails to multiple employees. A Trojan is usually attached in the hope that at least one individual will mistakenly run the malware. Once this is started, the entire network can be quickly compromised. These types of attacks are difficult to identify as they involve detecting unusual patterns of activity on a network.


Virus

A type of malware that, when executed, replicates itself (copying its own source code) by infecting other computer programs and modifying them.

Vishing (or voice phishing)

The victim receives a phone call from someone claiming to be from a bank’s fraud unit. The caller may know the victim’s name and account number. In the case of a firm, the caller will often ask for the head of finance or head cashier by name. The caller display can even show the correct bank phone number if the fraudster has created a false number. The caller will warn about possible suspicious activity on the bank account and might even be able to give genuine details of recent transactions. The fraudster will then claim that the account has been frozen due to suspect transactions but that payments can be made with their assistance. The victim is then persuaded to either provide details of passwords and account details or transfer a sum of money directly to the fraudsters to overcome the problem. Sometimes the fraudster will keep the phone line open and advise the victim to call their bank, remaining on the line without the victim’s knowledge during the call.